testing
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted user-provided feature descriptions and component source code to generate test plans and execute tests across multiple specialist agents.
- Ingestion points: Step 2 (Understand context) and the source code of components/features being tested in SKILL.md.
- Boundary markers: Absent. The task templates provided for the writer and runner agents do not include delimiters or instructions to ignore instructions that might be embedded within the code or comments of the files being analyzed.
- Capability inventory: The skill dispatches agents that can write files to the filesystem and execute shell commands (`pnpm vitest run`, Playwright runners).
- Sanitization: None. External content and descriptions are interpolated directly into the specialist agent prompts without escaping or validation.
- [COMMAND_EXECUTION]: The workflow involves the execution of local shell commands (e.g., `pnpm vitest run`) to verify test results. These commands are executed based on the state determined by the agent workflow.
- [PRIVILEGE_ESCALATION]: The skill provides guidance for implementing a "test-login" endpoint to bypass authentication providers like Clerk or WorkOS during E2E testing.
- Evidence: The Auth Testing Quick Reference in SKILL.md suggests creating a `/api/auth/test-login/route.ts` to "Create session directly without SSO flow". While the provided code snippet includes a guard against production environments (`process.env.NODE_ENV === "production"`), recommending the creation of authentication bypasses introduces a significant risk surface that could be exploited if misconfigured or if environment checks are bypassed.
Audit Metadata