browser-qa
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the
Bashtool to execute Playwright scripts and Node.js commands. This is the primary mechanism for running browser-based tests and is consistent with the skill's stated purpose. - [PROMPT_INJECTION]: The skill interacts with external web content during testing, creating a surface for indirect prompt injection. Malicious instructions embedded in a web page's HTML or metadata could potentially influence the agent's behavior if it interprets that content as instructions.
- Ingestion points: Web page content, console logs, and network responses processed by Playwright scripts.
- Boundary markers: None currently defined to separate page content from agent instructions.
- Capability inventory:
Bash,Write, andEdittools which could be abused if an indirect injection is successful. - Sanitization: No explicit sanitization of page content before processing.
- [DATA_EXFILTRATION]: The skill is designed to capture screenshots and logs from the application under test. Users should be aware that if an application displays sensitive data (secrets, PII) on the UI, that data will be captured in the QA reports and stored locally.
Audit Metadata