e2e-testing
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on several local commands executed via
bash, includingnpm,npx playwright,grep, andls. These are used to run test suites, inspect application source code, and manage local Supabase instances (SKILL.md, failure-patterns.md, environment-checklist.md). - [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection (Category 8) because it ingests and processes untrusted data from the local file system to perform its tasks.
- Ingestion points: The agent is instructed to read local source code in
src/app/andsrc/components/to understand functionality before writing tests (SKILL.md). - Boundary markers: Absent. The instructions do not specify the use of delimiters or warnings to ignore instructions embedded in the source code files.
- Capability inventory: The skill has access to powerful tools including
Bash,Edit,Write, andRead(SKILL.md). - Sanitization: No validation or escaping of the content read from source files is performed before the agent processes it.
- [DATA_EXFILTRATION]: The skill includes instructions to read local configuration files (
.env.local,.env.test) and extract local Supabase credentials (ANON_KEY,SERVICE_ROLE_KEY) for troubleshooting environment issues (environment-checklist.md). While this is restricted to the local environment and intended for maintenance, it involves accessing sensitive credentials.
Audit Metadata