teams-e2e-test

Fail

Audited by Gen Agent Trust Hub on Mar 24, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill reads the 'bot start command' from the e2e-instructions.md file and executes it directly via a shell tool. This allows for arbitrary command execution if the file content is modified by an untrusted source.
  • [DATA_EXFILTRATION]: The teams-fixture.ts file provided in the skill references and accesses sensitive browser profile data in ~/Library/Caches/ms-playwright/daemon/. These directories contain active session cookies and authentication tokens for Microsoft Teams.
  • [REMOTE_CODE_EXECUTION]: The skill implements a dynamic code generation workflow where it writes TypeScript files to a generated/ directory and executes them using npx playwright test. This pattern can be exploited if malicious specifications are provided in the source markdown files.
  • [EXTERNAL_DOWNLOADS]: The skill's bootstrap phase downloads and installs packages from the NPM registry and fetches browser binaries using the Playwright installer.
  • [PROMPT_INJECTION]: The skill relies on external markdown files (e2e-instructions.md and e2e.spec.md) as the 'source-of-truth' for its operations. This creates a surface for indirect prompt injection where an attacker-controlled file could trick the agent into exfiltrating credentials or executing malicious code.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 24, 2026, 03:23 AM