e2e-test-conventions

Pass

Audited by Gen Agent Trust Hub on Mar 31, 2026

Risk Level: SAFE
PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The skill establishes an indirect prompt injection surface as it is designed to ingest and process external data from environment files and JSON test data.
      • Ingestion points: The skill reads configuration and test data from e2e/.env, e2e/.env.{env}, and e2e/test-data/*.json files.
      • Boundary markers: No specific boundary markers or instructions to ignore embedded commands within these data files are included in the guidelines.
      • Capability inventory: The skill utilizes the Playwright framework for automated browser interactions and requires shell command execution (e.g., npx playwright test) to run the suites.
      • Sanitization: There is no mention of sanitizing or validating external data before it is interpolated into test scripts or used for browser navigation.
  • [DATA_EXFILTRATION]: The skill includes patterns for accessing and managing sensitive configuration and session data, which is a standard requirement for E2E testing.
      • The env-config.ts helper module uses the dotenv library to load environment variables such as LOGIN_PASSWORD from local files.
      • The authentication setup project saves browser session state (including potentially sensitive cookies or IndexedDB tokens) to a local file at e2e/.auth/user.json for reuse across test projects.
      • These practices align with standard automated testing security patterns and do not involve unauthorized data transmission to external domains.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 31, 2026, 09:27 AM