testing-blocks
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs users to install well-known development and testing dependencies, including
vitest,jsdom, andplaywright, from the official npm registry. These are standard tools for web application testing. - [COMMAND_EXECUTION]: The documentation provides commands for executing local development tasks such as
npm test,npm run lint, and running a temporary Playwright automation script. These actions are confined to the local development environment and are typical for the described workflow. - [PROMPT_INJECTION]: The skill contains a potential surface for indirect prompt injection as it involves an agent navigating to and inspecting local web pages (
localhost:3000). However, given the context of testing locally developed components, this is considered a standard functional requirement. - Ingestion points: Automated browser navigation and content inspection via Playwright as described in
SKILL.md. - Boundary markers: Not present in the provided script templates.
- Capability inventory: Shell command execution via
node,npm, andaemCLI tools acrossSKILL.mdand resource files. - Sanitization: Not applicable as the testing targets locally authored code and content.
Audit Metadata