smoke-test

Fail

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: HIGHCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The execution logic in 'references/execution.md' attempts to run a './setup' script located within the repository's '.agents/skills/gstack' directory. This facilitates arbitrary command execution if the skill is triggered within a malicious or compromised repository.
  • [COMMAND_EXECUTION]: The skill resolves the path to its 'browse' binary by checking repository-local directories ('.agents/skills/gstack/browse/dist/browse'). This allows for the execution of unverified binaries provided as part of a project's source code.
  • [DATA_EXFILTRATION]: The skill is designed to capture screenshots, console error logs, and network traffic details to generate reports. This evidence-gathering process can inadvertently collect and store sensitive information such as session cookies, Authorization headers, and personally identifiable information (PII) from the application being tested.
  • [PROMPT_INJECTION]: The skill ingests and follows instructions from external 'smoke test documents' (Markdown, YAML, JSON). This creates an attack surface for indirect prompt injection, where an attacker-controlled test document could instruct the agent to perform malicious actions within the browser session.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
May 15, 2026, 02:08 AM
Security Audit — agent-trust-hub — smoke-test