e2e-test
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because its core workflow involves reading and interpreting existing test specifications, page objects, and selector files from the local repository. This ingested content is then used to guide the agent's actions, which include executing shell commands.
- Ingestion points: The agent is instructed to read files from directories such as tests/regression/, tests/smoke/, and tests/page-objects/.
- Capability inventory: The skill possesses the capability to execute shell commands including detox test, yarn lint, and yarn lint:tsc.
- Boundary markers: No delimiters or explicit instructions are provided to the agent to treat content from the filesystem as untrusted or to ignore instructions embedded within comments or strings in those files.
- Sanitization: No sanitization, validation, or filtering of the content read from the codebase is defined before it influences the agent's logic.
Audit Metadata