privacy-review
Pass
Audited by Gen Agent Trust Hub on Apr 19, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests and processes untrusted data from external websites during its analysis phase.
- Ingestion points: Untrusted content is ingested via
new_sessionand browser inspection tools targeting user-provided URLs. - Boundary markers: The skill does not explicitly use delimiters or ignore directives when processing external site content, console logs, or network payloads.
- Capability inventory: The skill has the capability to interact with the browser (
act), read console logs, and write findings to the local filesystem (shiplight/reports/). - Sanitization: No sanitization or filtering of the ingested external data is performed before it is analyzed by the agent.
- [COMMAND_EXECUTION]: The skill generates regression tests in YAML format that include functional code blocks (
CODE: | ...) used to validate PII presence and browser behavior. This generation is restricted to the skill's own reporting and testing directories.
Audit Metadata