cypress-to-scout-migration
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes local shell scripts (scripts/scaffold_scout_spec.sh and scripts/extract_selectors.sh) to automate common migration tasks such as generating boilerplate test files and validating data-test-subj selectors within the source code. These scripts operate locally and perform standard file system and search operations.
- [EXTERNAL_DOWNLOADS]: The documentation includes a reference to https://ci-stats.kibana.dev/trigger_flaky_test_runner. This is a legitimate utility within the Elastic development ecosystem used for verifying the stability of newly migrated tests in the CI pipeline.
- [DATA_EXPOSURE]: The instructions emphasize a 'Data Cleanup Audit,' requiring the agent to identify and explicitly clean up resources like saved objects, indices, and API keys created during test execution. This is a security-positive practice that prevents data leakage and environment pollution in shared testing environments.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it is designed to ingest and process existing Cypress test files (.cy.ts). While these files could theoretically contain malicious instructions in comments, the risk is inherent to the skill's primary purpose of code translation and is mitigated by the highly structured nature of the migration instructions.
- Ingestion points: Cypress test files (.cy.ts) and imported tasks/screens files.
- Boundary markers: Not explicitly present in scripts; instructions rely on the agent's code-parsing capabilities.
- Capability inventory: Local shell execution for utility scripts and file system writes for generating new test specs.
- Sanitization: No explicit sanitization of test code content is performed beyond standard regex-based selector extraction.
Audit Metadata