cypress-debugger
Pass
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes standard system utilities and Node.js one-liners to locate and extract data from local test reports.
- Evidence: SKILL.md includes commands such as
find,cat,jq, andnode -eto processmochawesome.jsonandresults.xmlfiles. - [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection by processing external data from test reports.
- Ingestion points: Test failure messages and stack traces are read from
cypress/reports/mochawesome.jsonandcypress/reports/results.xmland presented to the agent. - Boundary markers: Absent; the failure data is not wrapped in delimiters or accompanied by instructions to ignore embedded commands.
- Capability inventory: The skill has the ability to execute shell commands, read local files, and navigate directories.
- Sanitization: Absent; the skill does not filter or escape the contents of the error logs before they are processed by the agent.
Audit Metadata