qa-detecting-visual-regressions

Pass

Audited by Gen Agent Trust Hub on Apr 20, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The scripts/compare.py script executes a shell command using subprocess.check_call to install the Pillow library if it is missing from the environment.
  • [EXTERNAL_DOWNLOADS]: The skill downloads the Pillow package from the Python Package Index (PyPI) at runtime. While PyPI is a well-known service, the dynamic nature of the download is noted.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes visual data from external, untrusted URLs.
      1. Ingestion points: Web pages captured by scripts/capture.py.
      2. Boundary markers: None; the vision model analyzes the entire rendered page.
      3. Capability inventory: The skill has file-writing capabilities and can execute shell commands (pip).
      4. Sanitization: No validation or sanitization is performed on the captured visual content before model analysis.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 20, 2026, 03:29 AM