pest-testing
Warn
Audited by Gen Agent Trust Hub on Jun 19, 2026
Risk Level: MEDIUMPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill uses deceptive metadata to impersonate a trusted source.\n
- Evidence: The YAML frontmatter lists 'laravel' as the author, which is a well-known organization, while the actual skill author context is 'imsus'. This impersonation is a deceptive practice that can mislead users and agents about the skill's origin and safety.\n- [PROMPT_INJECTION]: The skill references non-existent software versions to establish false authority.\n
- Evidence: The documentation and description repeatedly mention 'Pest 4' features, despite the current stable version of the Pest framework being version 3. This misleading versioning suggests the skill may be distributing unverified or fabricated patterns.\n- [PROMPT_INJECTION]: The skill's browser testing capabilities present an indirect prompt injection surface.\n
- Ingestion points: The agent is instructed to use the
visit()function to interact with web pages, which loads external application content into its context (found in SKILL.md).\n - Boundary markers: The instructions do not define delimiters or provide specific warnings to the agent to ignore potential instructions embedded in the HTML or console logs of the visited pages.\n
- Capability inventory: The agent is granted the ability to execute shell commands (e.g.,
php artisan test) and modify application files.\n - Sanitization: No mechanisms for filtering or sanitizing ingested page content are described.
Audit Metadata