iblai-ops-test
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute build and test pipelines using
pnpmandnpx. This includes installing browser binaries and system libraries required for Playwright E2E testing. - [EXTERNAL_DOWNLOADS]: Fetches testing reference documentation and brand guidelines from official IBLAI GitHub repositories. These resources are used to validate that the application meets vendor-specific requirements.
- [COMMAND_EXECUTION]: Dynamically generates and executes a Playwright automation script (
e2e/visual-test.ts) that handles user authentication and captures full-page screenshots for visual inspection. - [PROMPT_INJECTION]: The requirement to inspect application screenshots for UI defects constitutes an indirect prompt injection surface where text rendered in the UI could attempt to influence the agent.
- Ingestion points: Screenshots of the application captured during the E2E test phase (SKILL.md).
- Boundary markers: Absent; there are no instructions to disregard content within the screenshots.
- Capability inventory: Shell command execution via
pnpmandnpx(SKILL.md). - Sanitization: None; screenshots are analyzed as raw visual input.
Audit Metadata