oro-e2e-testing

Pass

Audited by Gen Agent Trust Hub on Jun 19, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS · COMMAND_EXECUTION · DATA_EXFILTRATION · PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the oro/e2e-tests package using Composer. This is a standard development dependency for the OroCommerce ecosystem.
  • [COMMAND_EXECUTION]: Provides instructions for running local development and testing tools, including php bin/behat and chromedriver. These commands are standard for the described testing workflow.
  • [DATA_EXFILTRATION]: Documentation for the 'OpenAI Healer' feature notes that it sends page source and failure context to an external API (OpenAI). The skill correctly identifies this as a potential data exposure risk and includes explicit warnings against using this feature with sensitive data or in CI/CD environments.
  • [PROMPT_INJECTION]: An indirect prompt injection surface exists in the 'OpenAI Healer' extension, which processes untrusted page content from the application under test to generate step corrections. The skill mitigates this by labeling it experimental and providing clear usage constraints.
  • [SAFE_PRACTICE]: The skill actively promotes security best practices by instructing users to use .gitignore for secret files and providing a .dist template for credential management.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 19, 2026, 07:00 PM