e2e-ui-fix
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it reads external bug reports from docs/e2e-ui/bug-report-test-N.md and uses that content to guide code modifications and test generation.
  - Ingestion points: File docs/e2e-ui/bug-report-test-N.md is read in Step 1.
  - Boundary markers: Absent; there are no instructions to the agent to treat the content of the bug report as untrusted data.
  - Capability inventory: The skill utilizes file read/write operations and code execution via a Playwright MCP server.
  - Sanitization: Absent; the skill does not specify any validation or sanitization of the bug report data.
- [COMMAND_EXECUTION]: The skill performs dynamic code generation and execution as part of its core functionality. In Step 6, it generates Playwright test scripts (regression tests) and executes them via the Playwright MCP server. While this is the primary purpose of the skill, the lack of sanitization of the bug report input could lead to the generation of malicious test code.