test-automation-expert
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
Full Analysis
- [REMOTE_CODE_EXECUTION]: Documentation for CI/CD pipelines in 'references/ci-integration.md' mentions fetching the Codecov uploader script ('bash <(curl -s https://codecov.io/bash)') and installing browsers via 'npx playwright install'. These are standard procedures from well-known technology providers.
- [INDIRECT_PROMPT_INJECTION]: The skill can read project files, creating an attack surface for indirect prompt injection when analyzing codebase content.
  - Ingestion points: Uses 'Read', 'Grep', and 'Glob' to analyze files.
  - Boundary markers: Absent.
  - Capability inventory: 'Write' and 'Edit' for file updates, and 'Bash' limited to test execution commands (npm, npx, pytest).
  - Sanitization: Absent.
Audit Metadata