triage
Pass
Audited by Gen Agent Trust Hub on May 29, 2026
Risk Level: SAFECOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands using
npxto run the test suite (npx shiplight test) and to update its own dependencies (npx -y skills@latest update -y). - [REMOTE_CODE_EXECUTION]: The skill uses
npx -y skills@latest update -yto download and execute code from the npm registry. This is part of the vendor's self-update mechanism but represents a remote code execution vector. - [EXTERNAL_DOWNLOADS]: The skill periodically checks for updates and downloads the latest version of the
skillspackage from a remote repository vianpx. - [CREDENTIALS_UNSAFE]: The skill accesses and utilizes "storage state files," which are used by Playwright to store sensitive session information such as cookies and authentication tokens.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from the application under test.
- Ingestion points: The agent reads the application's DOM through
inspect_pageand analyzes browser logs (console and network) to diagnose failures. - Boundary markers: The instructions do not provide explicit delimiters or warnings to ignore instructions embedded within the application's UI or logs.
- Capability inventory: The agent can execute shell commands (
npx), modify local YAML files, and interact with the browser via theacttool. - Sanitization: There is no documented mechanism for filtering or sanitizing the content retrieved from the web page before it is processed by the agent to generate new test steps.
Audit Metadata