e2e-cucumber-playwright
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [SAFE]: No malicious patterns or security vulnerabilities were identified. The skill is designed to operate within the e2e/ directory and follows standard, well-documented testing practices.
- [COMMAND_EXECUTION]: The skill facilitates the execution of local project commands, specifically pnpm -C e2e check, to validate test changes. This is consistent with the primary purpose of the skill.
- [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection as it is instructed to read and process external repository files (feature files and source code) and can execute shell commands.
  - Ingestion points: Files within the e2e/ directory, including Gherkin .feature files and TypeScript step definitions.
  - Boundary markers: Not explicitly mentioned; the skill does not define specific delimiters for separating repository content from instructions.
  - Capability inventory: Execution of shell commands via pnpm to run test suites.
  - Sanitization: None specified within the skill instructions; it relies on the host agent's internal safety filters.
Audit Metadata