e2e-testing
Warn
Audited by Gen Agent Trust Hub on Apr 5, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill provides a template for CLI testing that uses subprocess.run(command.split()) to execute strings directly from Gherkin feature files. This pattern is susceptible to command injection if the Gherkin scenario contains malicious input.
- [CREDENTIALS_UNSAFE]: The authenticated_page fixture template contains hardcoded example credentials admin and admin123.
- [PROMPT_INJECTION]: The skill architecture creates an indirect prompt injection surface. 1. Ingestion points: Gherkin .feature files described in SKILL.md. 2. Boundary markers: Absent for scenario-derived command strings. 3. Capability inventory: subprocess.run (CLI testing) and playwright browser automation in SKILL.md. 4. Sanitization: Absent; command.split() provides no security boundary against injection.
- [EXTERNAL_DOWNLOADS]: The skill instructions include installing browser binaries via playwright install chromium, which is a standard procedure from a well-known service.
Audit Metadata