triage

Pass

Audited by Gen Agent Trust Hub on May 29, 2026

Risk Level: SAFECOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes shell commands using npx to run the test suite (npx shiplight test) and to update its own dependencies (npx -y skills@latest update -y).
  • [REMOTE_CODE_EXECUTION]: The skill uses npx -y skills@latest update -y to download and execute code from the npm registry. This is part of the vendor's self-update mechanism but represents a remote code execution vector.
  • [EXTERNAL_DOWNLOADS]: The skill periodically checks for updates and downloads the latest version of the skills package from a remote repository via npx.
  • [CREDENTIALS_UNSAFE]: The skill accesses and utilizes "storage state files," which are used by Playwright to store sensitive session information such as cookies and authentication tokens.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from the application under test.
  • Ingestion points: The agent reads the application's DOM through inspect_page and analyzes browser logs (console and network) to diagnose failures.
  • Boundary markers: The instructions do not provide explicit delimiters or warnings to ignore instructions embedded within the application's UI or logs.
  • Capability inventory: The agent can execute shell commands (npx), modify local YAML files, and interact with the browser via the act tool.
  • Sanitization: There is no documented mechanism for filtering or sanitizing the content retrieved from the web page before it is processed by the agent to generate new test steps.
Audit Metadata
Risk Level
SAFE
Analyzed
May 29, 2026, 05:08 PM
Security Audit — agent-trust-hub — triage