test-fixer

Pass

Audited by Gen Agent Trust Hub on Feb 26, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local shell commands using 'npx playwright test' to run and debug testing suites.
  • [COMMAND_EXECUTION]: It invokes a local Python client script (.claude/skills/mcp-client/scripts/mcp_client.py) to facilitate communication with a Playwright MCP server and execute browser code.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection attacks from malicious web content.
      • Ingestion points: The agent retrieves accessibility snapshots, page text, and element attributes from external URLs via browser_run_code and browser_navigate (SKILL.md).
      • Boundary markers: There are no explicit delimiters or 'ignore' instructions implemented to isolate untrusted web data.
      • Capability inventory: The skill has the ability to execute shell commands, modify local source code files, and run arbitrary JavaScript within a browser context.
      • Sanitization: Extracted web content is processed without validation or sanitization, potentially allowing embedded instructions to influence agent behavior.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 26, 2026, 08:56 PM