testing-e2e

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill is designed to ingest untrusted data from the web using browser_navigate and browser_snapshot. There are no boundary markers or sanitization procedures defined to distinguish between tool instructions and website content. An attacker-controlled website could include malicious prompts that the agent might execute using its mcp__playwright__* tools.
  • Ingestion points: Web content retrieved via browser_navigate and browser_snapshot.
  • Boundary markers: None present.
  • Capability inventory: Full browser control (clicking, typing, form filling) and the ability to spawn subagents via Task().
  • Sanitization: None present.
  • Command Execution (MEDIUM): The documentation encourages the use of npx playwright test and dynamic test generation (/test:e2e generate). If the agent generates or executes code based on input from a malicious website (via indirect injection), it could lead to the execution of arbitrary code on the local system.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 10:40 AM