e2e-flow-planner
Pass
Audited by Gen Agent Trust Hub on Jun 23, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) because it processes untrusted data from multiple external sources to generate its test plans.
- Ingestion points: The skill reads issue titles and descriptions via
gh issue list, scans file contents usingrg, and captures browser DOM structures throughplaywright-cli snapshotas described inreferences/discovery-sources.mdandreferences/exploration-with-playwright.md. - Boundary markers: There are no instructions for the agent to use delimiters or specific safety warnings to ignore instructions embedded within the data being analyzed.
- Capability inventory: The skill possesses the ability to execute shell commands (
gh,rg,git,fd) and interact with a browser viaplaywright-cli. - Sanitization: The instructions do not specify any validation or sanitization steps for the data retrieved from the codebase or issue tracker.
- [COMMAND_EXECUTION]: The skill utilizes several command-line interface (CLI) tools to perform project discovery and analysis.
- Evidence includes instructions to use
gh issue listfor retrieving bug reports,rgandfdfor searching the repository, andgit logfor analyzing change history. - It also integrates with a separate skill,
playwright-cli, to perform browser-based exploration of the application's user interface.
Audit Metadata