Skills
skills/yknothing/prodcraft/e2e-scenario-design/Gen Agent Trust Hub

e2e-scenario-design

Pass

Audited by Gen Agent Trust Hub on Apr 20, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The documentation references the use of npx skills for adding or updating the skill package.
  • [DATA_EXFILTRATION]: Reference documentation (references/platform/xcuitest-webview.md) includes Swift code snippets that perform network requests using URLSession to verify server availability and write debug screenshots to the local /tmp directory.
  • [PROMPT_INJECTION]: The skill is designed to ingest and process external content such as source code and strategy documents, creating an indirect prompt injection surface.
  • Ingestion points: source-code, task-list, and test-strategy-doc as specified in the YAML frontmatter.
  • Boundary markers: The instructions do not define delimiters or provide specific instructions to isolate untrusted input data.
  • Capability inventory: The skill material includes examples of network connectivity and local file system writes in its implementation guides.
  • Sanitization: No input validation or sanitization mechanisms are described for the provided inputs.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 20, 2026, 05:51 AM