e2e-flow-planner

Pass

Audited by Gen Agent Trust Hub on Jun 23, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) because it processes untrusted data from multiple external sources to generate its test plans.
  • Ingestion points: The skill reads issue titles and descriptions via gh issue list, scans file contents using rg, and captures browser DOM structures through playwright-cli snapshot as described in references/discovery-sources.md and references/exploration-with-playwright.md.
  • Boundary markers: There are no instructions for the agent to use delimiters or specific safety warnings to ignore instructions embedded within the data being analyzed.
  • Capability inventory: The skill possesses the ability to execute shell commands (gh, rg, git, fd) and interact with a browser via playwright-cli.
  • Sanitization: The instructions do not specify any validation or sanitization steps for the data retrieved from the codebase or issue tracker.
  • [COMMAND_EXECUTION]: The skill utilizes several command-line interface (CLI) tools to perform project discovery and analysis.
  • Evidence includes instructions to use gh issue list for retrieving bug reports, rg and fd for searching the repository, and git log for analyzing change history.
  • It also integrates with a separate skill, playwright-cli, to perform browser-based exploration of the application's user interface.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 23, 2026, 04:46 PM
Security Audit — agent-trust-hub — e2e-flow-planner