create-acceptance-test
Warn
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: MEDIUM
DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill accesses a sensitive authentication state file to facilitate automated login in tests.
  - Evidence: Both `SKILL.md` and `references/acceptance-spec-template.md` reference the file path `e2e/.auth/user.json`. This file is standard in Playwright for storing session cookies and authentication tokens, making it a high-value target for exposure.
- [COMMAND_EXECUTION]: The workflow involves executing shell commands to run tests that were generated during the same session.
  - Evidence: `SKILL.md` specifies the command `npx playwright test --project="chromium:acceptance" {TICKET}-{description}.spec.ts`. This executes code created by the agent on the local system.
- [PROMPT_INJECTION]: The skill processes untrusted input from user requests (ticket keys and descriptions) to generate both filenames and test logic, creating a surface for indirect prompt injection.
  - Ingestion points: User-provided `[TICKET]` and `[description]` arguments in `SKILL.md`.
  - Boundary markers: Absent; there are no instructions or delimiters to isolate the ticket data from the rest of the generated test code.
  - Capability inventory: The skill can write files to the `e2e/` directory and execute shell commands through `npx`.
  - Sanitization: Absent; the skill does not define any validation or escaping mechanisms for the ticket data before it is interpolated into shell commands or TypeScript files.
Audit Metadata