twd-test-writer
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (LOW): The skill instructions create a surface for Indirect Prompt Injection (Category 8) because the agent is tasked with writing tests based on untrusted external data (the application's source code or UI). Evidence Chain: * Ingestion points: The agent reads user-provided code, HTML, or UI descriptions to generate test scripts. * Boundary markers: Absent; there are no instructions for the agent to ignore or isolate instructions potentially hidden within the code or text it is testing. * Capability inventory: The skill teaches the agent to generate code that can perform browser navigation (twd.visit), simulate user interactions (userEvent.click/type), and mock network traffic (twd.mockRequest). * Sanitization: There is no guidance on sanitizing strings extracted from the application before they are used in test selectors or assertions.
Audit Metadata