add-webcodecs-bug
Pass
Audited by Gen Agent Trust Hub on Jun 15, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill performs legitimate documentation maintenance tasks. It reads project-specific documentation and uses a browser tool to retrieve information from well-known issue trackers (Chromium, WebKit, Mozilla). No malicious patterns such as credential theft, remote code execution, or unauthorized exfiltration were detected.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection as it processes content from external websites. A maliciously crafted bug report could attempt to influence the agent's behavior during the file-writing step. However, the risk is minimal due to the narrow scope of the task.
- Ingestion points: Output from the
browser:control-in-app-browsertool for user-provided URLs. - Boundary markers: No explicit delimiters are used to separate the external content from the agent's instructions.
- Capability inventory: File write access to
packages/docs/docs/mediabunny/webcodecs-bugs.mdx. - Sanitization: The agent is instructed to map specific fields from the page, which provides a degree of natural filtering, but no formal sanitization is present.
Audit Metadata