e2e-testing

Pass

Audited by Gen Agent Trust Hub on May 23, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides instructions for project initialization using flutter-skill init, which is designed to patch application source code with a testing bridge and manage application launches via flutter-skill launch.
  • [EXTERNAL_DOWNLOADS]: The skill references several platform-specific packages from official registries (including npm, pub.dev, NuGet, Cargo, and Swift Package Manager) all maintained by the vendor to facilitate testing on various environments.
  • [DATA_EXFILTRATION]: Tools such as screenshot and get_logs enable the agent to access the application's user interface and runtime logs. This capability is required for the tool's primary purpose of UI verification and debugging.
  • [INDIRECT_PROMPT_INJECTION]: The tool ingests UI data which could contain content controlled by external inputs.
  • Ingestion points: UI text and element properties are read via inspect_interactive and get_text tools in SKILL.md.
  • Boundary markers: None mentioned.
  • Capability inventory: Interactive tools including tap, enter_text, and press_key are available to the agent.
  • Sanitization: No specific sanitization of the application's UI content is detailed in the skill instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
May 23, 2026, 06:09 AM
Security Audit — agent-trust-hub — e2e-testing