create-app-e2e-test

Pass

Audited by Gen Agent Trust Hub on May 4, 2026

Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [DYNAMIC_EXECUTION]: The skill generates new Vitest test files at tests/app-e2e/*.test.ts and executes them using the pnpm test:app-e2e command. It also instructs the agent to modify application source code by adding data-testid attributes when necessary for element selection.
  • [INDIRECT_PROMPT_INJECTION]: The skill exhibits a vulnerability surface for indirect prompt injection because it ingests UI data from the running application through the pnpm test-driver snapshot command. If the application displays untrusted or attacker-controlled content, that content could influence the agent's actions or the code it generates.
      • Ingestion points: UI snapshots returned by the pnpm test-driver snapshot command.
      • Boundary markers: None identified; the agent is instructed to use the snapshot output directly to understand the UI state.
      • Capability inventory: The agent can execute shell commands via pnpm, write new test files to the file system, and modify existing application source code.
      • Sanitization: No sanitization or validation of the UI snapshot content is specified before the data is processed by the agent.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 4, 2026, 03:36 PM