managing-project-customizations
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [Data Exposure & Exfiltration] (SAFE): The skill contains explicit 'Data Safety Rules' that forbid storing secrets, tokens, or passwords and mandate redacting sensitive command arguments.
- [Indirect Prompt Injection] (LOW): The skill ingests untrusted project files to build a context cache, which downstream skills consume. This creates a surface for indirect prompt injection. • Ingestion points: Reads wdio.conf files, package.json, and custom command scripts. • Boundary markers: None mentioned in the instructions. • Capability inventory: File system read and write access to the .webdriverio-skills directory. • Sanitization: Mandates redaction of secrets but lacks sanitization for embedded natural language instructions.
- [Unverifiable Dependencies] (SAFE): No external code is downloaded or executed; the skill only references standard WebdriverIO documentation and project structures.
Audit Metadata