browser-preview
Pass
Audited by Gen Agent Trust Hub on May 25, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to use standard system utilities such as `cat`, `curl`, and `find` to diagnose the status of preview services and identify project directories. This usage is confined to operational health checks and service discovery.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by ingesting data from platform-specific state files.
  1. Ingestion points: `/data/previews.json` and `/data/preview_history.json` (SKILL.md).
  2. Boundary markers: Absent.
  3. Capability inventory: The agent uses `preview_serve`, `preview_stop`, `curl`, and `find` based on this data.
  4. Sanitization: The instructions do not specify validation or sanitization of the values (e.g., titles or commands) retrieved from these files. However, this is considered a low-risk surface area inherent to the skill's primary function of service management.
Audit Metadata