resilience-review
Pass
Audited by Gen Agent Trust Hub on Apr 19, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill's primary function is automated resilience testing. It uses standard browser automation techniques to simulate error states and verify UI stability.
- [COMMAND_EXECUTION]: The skill utilizes browser control commands (e.g., `new_session`, `page.route`, `get_browser_console_logs`) to perform fault injection. This execution is scoped to the analysis of a target web application as defined by the user.
- [DATA_EXPOSURE_AND_EXFILTRATION]: While the skill reads console logs and application state, its purpose is to detect PII exposure (ERR-10) and technical leakages (ERR-06) rather than exfiltrate them. Findings and generated tests are stored locally in a vendor-specific directory (`shiplight/`).
- [INDIRECT_PROMPT_INJECTION]: The skill has an attack surface for indirect injection as it processes data from external URLs and browser logs. However, its capabilities are restricted to reporting and local test generation, presenting a low risk typical of web-auditing tools.
Audit Metadata