accelint-ac-to-playwright
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes external acceptance criteria (AC) provided in Gherkin or bullet formats. While this presents an indirect prompt injection surface, the skill implements robust mitigations including a mandatory assessment mode, strict target naming conventions (area.component.intent), and Zod schema validation for intermediate test plans before any spec files are generated.
- [COMMAND_EXECUTION]: The skill generates Playwright specification files (.spec.ts) and executes local validation scripts using npx. The code generation logic in scripts/translate-plan-to-tests.ts uses safe template-based assembly with standard serialization for values, effectively preventing the injection of malicious payloads into the output test files.