writing-e2e-tests

Pass

Audited by Gen Agent Trust Hub on Jun 21, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes several shell commands to manage the local development and testing environment.
  • Docker commands are used to rebuild the frontend after adding test IDs: docker compose build, docker stop, docker rm, and docker compose up.
  • Playwright tests are executed using the standard npx playwright test command within the tests_end_to_end/e2e/ directory.
  • [DATA_EXFILTRATION]: The skill accesses and modifies the local configuration file ~/.opik.config.
  • It reads the file to verify the url_override and provides instructions to overwrite it with a local URL (http://localhost:5173/api) to prevent accidental data creation in cloud environments.
  • This interaction is documented as a safety check and includes a recommendation to back up the original configuration (cp ~/.opik.config ~/.opik.config.bak).
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through the analysis of external code and project data.
  • Ingestion points: The skill analyzes frontend source code in apps/opik-frontend/ and branch or pull request diffs provided by the user (Step 1 and Step 2 in SKILL.md).
  • Boundary markers: There are no explicit delimiters or boundary instructions defined to prevent the agent from obeying instructions that might be embedded in the code or diffs.
  • Capability inventory: The skill possesses the capability to execute shell commands (Docker, Playwright) and write to the local filesystem (~/.opik.config).
  • Sanitization: No sanitization or validation of the content from source code or diffs is performed before it is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 21, 2026, 07:40 AM
Security Audit — agent-trust-hub — writing-e2e-tests