cypress-debugger
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes standard system tools such as
find,jq, andnodeto extract failure data from Cypress mochawesome and JUnit reports. These operations are restricted to the local filesystem and serve the primary diagnostic purpose of the skill. - [PROMPT_INJECTION]: The instructions include a proactive security section addressing the risks of processing untrusted report artifacts. It explicitly directs the agent to treat strings from reports as data rather than instructions and provides specific prohibitions against executing content extracted from these files, which effectively addresses potential indirect prompt injection vectors.
- [DATA_EXFILTRATION]: No unauthorized network activity or sensitive data access patterns were detected. The skill's scope is limited to analyzing local test results and providing remediation advice.
- [REMOTE_CODE_EXECUTION]: There are no patterns suggesting the download or execution of remote scripts. The logic relies on built-in commands and static scripts provided within the skill documentation.
Audit Metadata