qa-ui-test

Pass

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The scripts/setup.js script uses execSync to initialize the project, install the Playwright framework, and provision browser binaries.
  • [EXTERNAL_DOWNLOADS]: The skill fetches necessary testing dependencies and browser binaries from official registries during the initialization phase.
  • [REMOTE_CODE_EXECUTION]: The agent creates and runs executable Playwright test scripts (.spec.ts) based on the layout and content of analyzed web pages.
  • [PROMPT_INJECTION]: The process of analyzing external web content to generate scenarios poses a risk of indirect prompt injection.
      • Ingestion points: Untrusted web page content read via Playwright navigation in SKILL.md Step 1.
      • Boundary markers: Not explicitly implemented to isolate external data from internal agent instructions.
      • Capability inventory: Writing files (test scripts, data) and executing shell commands (Playwright test runner).
      • Sanitization: No specific mechanisms for sanitizing or escaping ingested web content are defined in the instructions.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 7, 2026, 06:37 PM