cypress-debugger
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns were detected. The skill's behavior is consistent with its stated purpose of debugging local test failures.
- [PROMPT_INJECTION]: The skill processes external data from Cypress reports (mochawesome.json and results.xml), which introduces a potential surface for indirect prompt injection. Ingestion points: Local paths in cypress/reports/. Boundary markers: Absent. Capability inventory: Uses find, cat, jq, and node -e for data extraction and analysis. Sanitization: None. This surface is considered safe as it is necessary for the skill's functionality and restricted to the user's local environment.
- [COMMAND_EXECUTION]: The skill uses Node.js to execute fixed, inline scripts for parsing report data. This is a controlled use of dynamic execution for local data processing and does not pose a remote code execution risk.
Audit Metadata