Skills
skills/gemini-testing/testplane-skills/testplane-skill/Gen Agent Trust Hub

testplane-skill

Pass

Audited by Gen Agent Trust Hub on Apr 23, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes npm run setup and node to initialize the environment and verify dependency installation. It also uses npx @testplane/cli for core browser automation tasks like navigation and capturing page states.
  • [EXTERNAL_DOWNLOADS]: The skill downloads the @testplane/cli package from public registries. This dependency is part of the vendor's toolset and is required for the skill's functionality.
  • [PROMPT_INJECTION]: The skill facilitates the processing of external data by navigating to web URLs and capturing DOM snapshots, which constitutes an indirect prompt injection surface.
  • Ingestion points: Content from external web pages accessed via the navigate and snapshot commands in SKILL.md.
  • Boundary markers: None explicitly defined in the instructions to delimit untrusted web content.
  • Capability inventory: Execution of shell commands via npm and npx, and file system access for path resolution (SKILL.md, package.json).
  • Sanitization: No explicit sanitization or filtering of browser-retrieved content is specified.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 23, 2026, 03:19 PM
Security Audit — agent-trust-hub — testplane-skill