Skills
skills/alirezarezvani/claude-skills/generate/Gen Agent Trust Hub

generate

Warn

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes the npx playwright test command to run generated test files as a verification step.
  • [REMOTE_CODE_EXECUTION]: The skill dynamically generates JavaScript or TypeScript test files and then executes them on the system using the Playwright runner.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted codebase data to guide test generation without sanitization. Ingestion points: $ARGUMENTS and local project files (e.g., src/components/, playwright.config.ts). Boundary markers: None present to delimit untrusted data. Capability inventory: File reading, file writing, and shell execution (npx). Sanitization: None performed on ingested content.
  • [DATA_EXFILTRATION]: The skill reads sensitive configuration and setup files such as playwright.config.ts, auth.setup.ts, and storageState which may contain authentication tokens, session data, or other sensitive environment variables.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 10, 2026, 05:35 AM