compliance-review
Pass
Audited by Gen Agent Trust Hub on Apr 19, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill operates within its defined scope of performing technical compliance reviews. It requests necessary access to target applications and browser logs to verify security controls, and stores audit artifacts in the vendor-specific 'shiplight/' directory.\n- [PROMPT_INJECTION]: The skill contains an attack surface for indirect prompt injection by processing external application content and browser console logs. This is a structural risk factor inherent to site auditing tools.\n
- Ingestion points: External target application URLs, browser console logs, and local codebase files.\n
- Boundary markers: Missing explicit delimiters to separate external data from agent instructions.\n
- Capability inventory: Browser session management (
new_session) and file system operations for report and test generation.\n - Sanitization: No data sanitization procedures are specified for external inputs before analysis.
Audit Metadata