e2e
Pass
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill is configured with restricted bash access via
Bash(npm test:*). This scope limits execution to npm test commands, which is appropriate and necessary for its primary function of E2E testing and validation. - [DATA_EXFILTRATION]: No unauthorized data access or exfiltration patterns detected. The skill reads project metadata (e.g.,
package.json,requirements.txt,go.mod) to identify testing frameworks, which is a legitimate part of its core functionality. - [INDIRECT_PROMPT_INJECTION]: The skill ingests untrusted data from BDD
.featurefiles to generate code. While this presents a surface for indirect prompt injection, it is inherent to the tool's purpose. The risk is mitigated by the restricted toolset and the expected human review of the generated test skeletons. - [PROMPT_INJECTION]: No instructions were found that attempt to bypass AI safety guidelines, override system prompts, or extract sensitive internal configurations.
Audit Metadata