e2e-testing
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides instructions for executing tests through a project-specific CLI tool (
af e2e) inside a Docker container. - [PROMPT_INJECTION]: The skill defines a debugging workflow where the agent reads DOM snapshots and failure logs from
./test-results/*/error-context.md. This represents an indirect prompt injection surface if a tested website contains malicious content intended to influence the agent's behavior during analysis. - Ingestion points: Reads DOM snapshots and error logs from
./test-results/*/error-context.md. - Boundary markers: No delimiters or instructions to ignore embedded content in the logs are mentioned.
- Capability inventory: Execution of testing commands (
af e2e) and file system read access. - Sanitization: The documentation does not specify any sanitization or filtering of the DOM content before it is processed by the agent.
Audit Metadata