migrate-cypress-to-codeceptjs
Pass
Audited by Gen Agent Trust Hub on Jun 15, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to run various shell commands to manage the migration workflow, including
npx codeceptjs init,npx codeceptjs check,npx codeceptjs list,npx codeceptjs dry-run, andnpx codeceptjs run. - [EXTERNAL_DOWNLOADS]: The migration process involves dependencies on several Node.js packages associated with the CodeceptJS ecosystem, such as
codeceptjs,@codeceptjs/configure,@codeceptjs/helper,@codeceptjs/effects, and@testomatio/reporter. - [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection because it is designed to ingest and process untrusted Cypress configuration and test files.
- Ingestion points: Files located in
cypress/e2e/,cypress/support/, andcypress.config.*are read and analyzed by the agent. - Boundary markers: There are no explicit instructions or delimiters defined to prevent the agent from being influenced by malicious instructions that might be embedded within the Cypress source code.
- Capability inventory: The agent has the ability to execute shell commands, write new test/helper files, and perform browser-side execution via
page.evaluateandaddInitScript. - Sanitization: No specific sanitization or validation of the input Cypress code is performed before it is processed or converted.
- [REMOTE_CODE_EXECUTION]: The skill generates new JavaScript and TypeScript files (e.g., helpers and test specs) and uses browser-level execution methods like
page.evaluateandaddInitScriptto interact with the application under test. These are standard features for end-to-end testing frameworks.
Audit Metadata