Skills
skills/alexei-led/cc-thingz/testing-e2e/Gen Agent Trust Hub

testing-e2e

Pass

Audited by Gen Agent Trust Hub on Apr 14, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to run tests via npx playwright test, install dependencies with npm install, and execute helper scripts via node.
  • [EXTERNAL_DOWNLOADS]: Automatically fetches the @playwright/test package and browser binaries from the official NPM registry and Microsoft servers, which are trusted sources.
  • [REMOTE_CODE_EXECUTION]: Executes Playwright test scripts dynamically generated by the agent and stored in the /tmp directory, which is a core function for automated testing tasks.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it ingests local project files to inform its testing logic.
  • Ingestion points: Reads project files including package.json, playwright.config.ts, and **/*.spec.ts files.
  • Boundary markers: Does not implement delimiters or safety instructions when reading the contents of these files.
  • Capability inventory: Has access to Bash for shell command execution and Task for spawning sub-agents.
  • Sanitization: Content from the ingested files is used without explicit sanitization to determine execution parameters like dev server commands.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 14, 2026, 08:42 PM
Security Audit — agent-trust-hub — testing-e2e