testing-e2e
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill instructions, metadata, and scripts are legitimate and consistent with the primary purpose of end-to-end testing. No obfuscation, credential exposure, or persistence mechanisms were detected.\n- [COMMAND_EXECUTION]: The documentation includes standard shell commands for running common testing tools such as npm, npx, and pytest. These commands are expected for a testing skill and do not use elevated privileges.\n- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection if the agent parses the contents or results of untrusted test files. This represents a potential attack surface for external data to influence the agent.\n
- Ingestion points: Test files (e.g., login.spec.js) and test execution outputs referenced in SKILL.md.\n
- Boundary markers: No delimiters or warnings are provided to prevent the agent from following instructions embedded in test data.\n
- Capability inventory: Shell command execution capabilities across multiple testing frameworks.\n
- Sanitization: No sanitization or validation of test scripts or outputs is performed.
Audit Metadata