e2e-test-generator

Warn

Audited by Gen Agent Trust Hub on Jun 23, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes multiple shell commands to perform quality checks and run the generated tests.
  • Evidence: SKILL.md and references/quality-gates.md specify the use of npx playwright test, yarn type-check (or npx tsc --noEmit), and yarn lint (or npx eslint).
  • Evidence: SKILL.md describes a workflow where the agent writes a .spec.ts file and immediately executes it to confirm it passes.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes external, user-provided test plans which serve as the primary input for code generation. This introduces a risk where malicious instructions within a plan could influence the agent's code output or system behavior.
  • Ingestion points: SKILL.md defines the input as "Reviewed test plans (scenarios/steps)" typically stored in markdown or text files (e.g., docs/e2e/checkout-plan.md).
  • Boundary markers: Absent. The instructions do not specify the use of delimiters or
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 23, 2026, 04:46 PM
Security Audit — agent-trust-hub — e2e-test-generator