test-environments
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill identifies a surface for indirect prompt injection by instructing the agent to read and respect local project context files.
  - Ingestion points: Reads project-specific constraints from `.agents/qa-project-context.md` to guide environment design.
  - Boundary markers: No specific delimiters or instructions to ignore embedded commands within the context file are provided.
  - Capability inventory: The skill utilizes shell-based capabilities including `docker compose`, `npm`, `npx`, `psql`, and `curl` to manage infrastructure and data.
  - Sanitization: No explicit sanitization or validation of the ingested context data is mentioned before it influences command execution.
- [DATA_EXPOSURE]: The skill explicitly warns against using production database copies in test environments to prevent PII exposure and recommends factory-based or anonymized data seeding.
- [COMMAND_EXECUTION]: Provides standard devops commands for container orchestration and database management. These are well-documented and necessary for the skill's intended purpose.
- [SAFE]: All external tools, images (PostgreSQL, Redis, MinIO, MailHog), and libraries (MSW, Playwright, Vitest) referenced in the examples are standard, well-known resources in the software development ecosystem.
Audit Metadata