verify
Warn
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill implements a persistence mechanism by using the "CronCreate" tool to schedule recurring daily regression checks.
- Evidence: Found in the "SKILL.md" 'Regression Monitor' section and "verification-checklist.md" where daily prompts are configured.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted project data, including source code and UI screenshots, using LLM-powered sub-agents.
- Ingestion points: Reads local source files and captures rendered application pages via "agent-browser".
- Boundary markers: Absent. The sub-agent prompts lack explicit delimiters or instructions to ignore instructions embedded in the analyzed content.
- Capability inventory: The skill has high-privilege capabilities including "Bash" execution, file "Write" access, and "PushNotification" signaling.
- Sanitization: No sanitization or validation of the processed data is implemented before it is passed to sub-agents.
- [COMMAND_EXECUTION]: The skill executes arbitrary shell commands via the "Bash" tool to perform framework detection and run test suites based on project structure.
- Evidence: Found in "SKILL.md" and "references/visual-capture.md" where commands like "npm run dev" and "pytest" are invoked dynamically.
Audit Metadata