test
Pass
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses shell commands to manage the testing environment, including installing dependencies (`npm install -D @playwright/test`), installing browser binaries (`npx playwright install`), and running tests (`npx playwright test`). It also implements a cleanup routine using `rm` to remove temporary test artifacts.
- [EXTERNAL_DOWNLOADS]: Automatically downloads the Playwright MCP server using `npx @playwright/mcp@latest`. It also suggests the installation of plugins from well-known technology organizations.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes task documents from the local filesystem to define its testing logic.
  - Ingestion points: Reads test requirements and implementation details from `docs/task/*.md` files.
  - Boundary markers: While it looks for specific markdown sections, it lacks strict delimiters or system-level instructions to ignore potential commands embedded within those documents.
  - Capability inventory: The agent has permissions to execute shell commands, perform network requests, and modify/delete files on the filesystem.
  - Sanitization: No explicit sanitization of input from task documents is performed before the content is used to drive browser interactions.
- [DATA_EXFILTRATION]: The skill makes network requests to `api.mail.tm`, `mailinator.com`, and other temporary email services using `curl`. These operations are used exclusively to verify registration and notification flows as part of the primary testing utility.
Audit Metadata