scan-e2e-tests
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local shell commands (
grep,find,ls) to identify project dependencies, framework configurations, and code patterns within.csproj,package.json,requirements.txt, and source files. These commands are used for discovery purposes and do not involve remote code execution. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted source code and feature files from the project being scanned.
- Ingestion points: Reads content from various source files including
.feature,.cs,.js,.py, and.javato extract patterns and code examples. - Boundary markers: No specific delimiters or instructions are provided to the sub-agents to ignore potential instructions embedded within the processed code comments or documentation.
- Capability inventory: The agent can write to documentation files (
docs/project-reference/e2e-test-reference.md), update configuration files (docs/project-config.json), and execute system discovery commands. - Sanitization: There is no evidence of sanitization or filtering of the ingested content before it is processed or included in the generated reference documentation.
Audit Metadata