e2e-test-healer

Pass

Audited by Gen Agent Trust Hub on Jun 23, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: Indirect prompt injection attack surface identified. The skill processes external data that could contain malicious instructions.
  • Ingestion points: The agent reads from trace.zip files (DOM snapshots, console logs, network logs), product source code, and git history/diffs.
  • Boundary markers: No specific boundary markers or instructions to ignore embedded commands within ingested data are present.
  • Capability inventory: The agent can execute shell commands via npx, yarn, and git, and it has the authority to modify source code files.
  • Sanitization: The skill lacks explicit sanitization or validation of data retrieved from trace files before it influences agent actions.
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute various shell commands for testing and verification.
  • Evidence: The workflow involves npx playwright test, git log, git diff, yarn lint, and yarn type-check for diagnosing and verifying test fixes. These are standard development operations.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 23, 2026, 04:46 PM
Security Audit — agent-trust-hub — e2e-test-healer