ui-test
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill operates by executing shell commands via the
browseCLI to control a browser. These commands include viewport management, navigation, interaction (clicks/typing), and evaluation of JavaScript within the browser context. It recommends specific permission settings in.claude/settings.jsonto allow these operations efficiently. - [EXTERNAL_DOWNLOADS]: For accessibility auditing, the skill fetches the
axe-corelibrary from Cloudflare's CDN (cdnjs.cloudflare.com) and injects it into the browser environment. This is a standard methodology for accessibility testing using established, well-known libraries. - [PROMPT_INJECTION]: The skill ingests untrusted data from git diffs and web application content to generate test plans. This constitutes an indirect prompt injection surface; however, the risk is inherent to its primary purpose as a testing tool, and the skill implements a structured assertion protocol (
STEP_PASS/STEP_FAIL) to maintain deterministic output. - [DATA_EXFILTRATION]: While the skill captures application screenshots and console logs, these are stored locally in the
.context/ui-test-screenshots/directory and embedded into a standalone HTML report. No patterns of unauthorized data transmission to external servers were detected.
Audit Metadata