testing
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
Flags: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection because it processes untrusted data from external sources while having the ability to execute commands and write to the filesystem.
  - Ingestion points: `mcp_playwright_browser_navigate` is used to load external URLs, and `mcp_context7_query-docs` fetches information from external documentation sources (e.g., pytest docs).
  - Boundary markers: The skill does not implement delimiters or specific instructions for the agent to ignore potentially malicious commands embedded in the web content or documentation it retrieves.
  - Capability inventory: The skill has access to the `Bash` tool for running test suites and the `Write` and `Edit` tools for modifying project files.
  - Sanitization: No sanitization or validation logic is defined to prevent instructions found in external data from being interpreted as commands by the agent.
- [COMMAND_EXECUTION]: The skill instructions direct the agent to use the `Bash` tool to run commands like `composer test` and `npm run test`. While these are legitimate developer actions, they are executed in the same context as the data retrieved from external sources, which constitutes a risk factor.
Audit Metadata