oro-e2e-testing
Pass
Audited by Gen Agent Trust Hub on Jun 19, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the `oro/e2e-tests` package using Composer. This is a standard development dependency for the OroCommerce ecosystem.
- [COMMAND_EXECUTION]: Provides instructions for running local development and testing tools, including `php bin/behat` and `chromedriver`. These commands are standard for the described testing workflow.
- [DATA_EXFILTRATION]: Documentation for the 'OpenAI Healer' feature notes that it sends page source and failure context to an external API (OpenAI). The skill correctly identifies this as a potential data exposure risk and includes explicit warnings against using this feature with sensitive data or in CI/CD environments.
- [PROMPT_INJECTION]: An indirect prompt injection surface exists in the 'OpenAI Healer' extension, which processes untrusted page content from the application under test to generate step corrections. The skill mitigates this by labeling it experimental and providing clear usage constraints.
- [SAFE_PRACTICE]: The skill actively promotes security best practices by instructing users to use `.gitignore` for secret files and providing a `.dist` template for credential management.
Audit Metadata