localhost-screenshots
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Provides numerous shell commands and Node.js script templates for browser automation, screenshot capture, and visual regression analysis. These include
npx serve,npx playwright install, and various script snippets for handling persistent browser sessions and element-specific captures.\n- [EXTERNAL_DOWNLOADS]: Instructions recommend installing standard Node.js packages such asplaywright,pixelmatch,pngjs,serve,@11ty/eleventy, andwait-onfrom official registries.\n- [REMOTE_CODE_EXECUTION]: Usesnode -eandnpxto execute browser automation logic. The provided templates allow the agent to interact with locally running web applications and capture page data.\n- [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection by processing external data from web pages. \n - Ingestion points: Page structure and content are ingested via
page.accessibility.snapshot()andpage.evaluate()(DOM serialization and element maps).\n - Boundary markers: Absent; the templates do not include specific delimiters or instructions for the agent to disregard instructions found within the processed web content.\n
- Capability inventory: The skill allows for file writing (
fs.writeFileSync), shell command execution (node -e), and network navigation (page.goto).\n - Sanitization: Some patterns include logic to remove
<script>and event handler attributes from serialized HTML snapshots to reduce risk.
Audit Metadata