browser-preview

Pass

Audited by Gen Agent Trust Hub on May 25, 2026

Risk Level: SAFE
Categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to use standard system utilities such as cat, curl, and find to diagnose the status of preview services and identify project directories. This usage is confined to operational health checks and service discovery.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by ingesting data from platform-specific state files.
      1. Ingestion points: /data/previews.json and /data/preview_history.json (SKILL.md).
      2. Boundary markers: Absent.
      3. Capability inventory: The agent uses preview_serve, preview_stop, curl, and find based on this data.
      4. Sanitization: The instructions do not specify validation or sanitization of the values (e.g., titles or commands) retrieved from these files.
    However, this is considered a low-risk surface area inherent to the skill's primary function of service management.
Audit Metadata
Risk Level: SAFE
Analyzed: May 25, 2026, 08:57 PM
Security Audit — agent-trust-hub — browser-preview