tester
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill performs several shell operations including project building (pnpm build), starting a development server (pnpm dev), and database schema verification (npx prisma). While standard for testing, these represent high-privilege actions.
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to download and install external libraries (@browserbasehq/stagehand, zod) and toolsets (playwright) from the NPM registry.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted data from project documentation files to determine test logic and drive browser interactions.
  - Ingestion points: Reads from PRD-*.md, USER-JOURNEY.md, and EPIC-*.md to define testing scenarios.
  - Boundary markers: Absent. There are no delimiters or instructions to ignore embedded commands within the ingested files.
  - Capability inventory: Access to shell commands (pnpm, node, npx), file system access, and AI-driven browser control via Stagehand.
  - Sanitization: Absent. Data from these files is directly interpreted by the model to generate and execute test steps.
Audit Metadata