auth-handler
Pass
Audited by Gen Agent Trust Hub on Jun 21, 2026
Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [DATA_EXFILTRATION]: The skill instructions require the agent to access and read the
.envfile to retrieve sensitive credentials includingTEST_EMAIL,ADMIN_EMAIL,TEST_PASSWORD, andADMIN_PASS. While this access is essential for the skill's purpose of automated authentication, it involves the exposure of sensitive local files. - [PROMPT_INJECTION]: The skill creates a surface for indirect prompt injection by navigating to and interacting with an external web application (
APP_URL). Maliciously crafted content on the target site could theoretically attempt to influence the agent's actions during the login sequence. - Ingestion points: External web application via the
APP_URLvariable. - Boundary markers: No specific delimiters or "ignore instructions" warnings are defined for the browser interaction steps.
- Capability inventory: Playwright browser automation tools (navigate, click, fill, wait).
- Sanitization: No sanitization or content validation of the target page is performed prior to interaction.
- [COMMAND_EXECUTION]: The skill utilizes Playwright browser automation tools to execute navigational and interactive commands (e.g., clicking buttons and filling text boxes) based on data retrieved from environment variables.
Audit Metadata