tester
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill runs various shell commands to validate the environment and build status, including
pnpm build,pnpm dev, andcurlagainstlocalhost. These are routine operations for continuous integration and testing workflows. - [EXTERNAL_DOWNLOADS]: The skill installs the
@browserbasehq/stagehandandzodpackages. Browserbase is a well-known service for browser automation, and Zod is a standard validation library; both are appropriate for the skill's stated purpose. - [PROMPT_INJECTION]: The skill processes content from local documentation files which introduces a surface for indirect prompt injection.
- Ingestion points: Reads instructions and requirements from
docs/tasks/<feature-name>/PRD-<feature-name>.md,docs/epics/<epic-name>/USER-JOURNEY.md, anddocs/epics/<epic-name>/EPIC-<epic-name>.mdto generate E2E test scripts. - Boundary markers: No explicit delimiters or system instructions are provided to the agent to distinguish between the skill's logic and potentially malicious instructions embedded in the documentation files.
- Capability inventory: The skill has permissions to execute shell commands, read/write files in the local repository, and perform network requests through the Stagehand browser automation tool.
- Sanitization: There is no evidence of content sanitization or validation of the ingested documentation content before it is used to influence agent actions.
Audit Metadata