full-workflow

Fail

Audited by Gen Agent Trust Hub on Feb 26, 2026

Risk Level: CRITICAL
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill generates and executes local Playwright test files (.spec.ts) based on content scraped from external websites. Because it incorporates untrusted data directly into the generated code, a malicious website could inject arbitrary commands executed during the testing phase.
  • [COMMAND_EXECUTION]: The workflow executes multiple shell commands, including local Python scripts (scripts/qase_client.py), npm package installation, and playwright test execution.
  • [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection as it ingests website data without sanitization.
    * Ingestion points: Website text and structure via mcp-client.
    * Boundary markers: None present.
    * Capability inventory: Subprocess execution and file writing.
    * Sanitization: None identified for extracted website content used in code generation.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: CRITICAL
Analyzed: Feb 26, 2026, 08:56 PM