synpress-e2e
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Categories: CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE] (HIGH): The skill ships a hardcoded private-key placeholder and encourages storing sensitive keys in plaintext environment files. This practice carries a high risk of credential exposure.
- [PROMPT_INJECTION] (HIGH): Vulnerable to indirect prompt injection (Category 8). The skill interacts with external dApps via page.goto and has the capability to sign transactions and approve token permissions. Ingestion points: page.goto calls in wallet-connect.spec.ts. Boundary markers: absent. Capability inventory: metamask.confirmTransaction, metamask.approveTokenPermission, metamask.confirmSignature. Sanitization: absent.
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill installs @synthetixio/synpress from npm. According to automated scanners, this package is not from a trusted source and is associated with malicious phishing URLs (metamask.co, metamask.im).
- [COMMAND_EXECUTION] (HIGH): The skill provides tools for programmatic blockchain transaction signing and wallet automation, high-privilege actions that can be exploited if the agent acts on malicious site content.
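The PROMPT_INJECTION and CREDENTIALS_UNSAFE findings both describe a missing control rather than a bug in the browser automation itself: nothing checks which site the page is on before a signing capability fires, and the test key has a plaintext placeholder to fall back to. The TypeScript below is an added example written for this page, not code from the synpress-e2e skill, Synpress or MetaMask. It gates the three capabilities named in the capability inventory behind an exact-origin allowlist re-checked against the live page URL on every call, and reads the test wallet key from the environment at run time with no placeholder fallback. PageLike and WalletLike are assumed minimal stand-ins for the Playwright page and the Synpress MetaMask object, the method names mirror the capability inventory but the real signatures are not taken from the page, and the TEST_WALLET_PRIVATE_KEY variable name is an assumption.

```typescript
// Added example for this audit page: not code from the synpress-e2e skill,
// Synpress or MetaMask. PageLike/WalletLike are assumed stand-ins for the
// Playwright page and the Synpress MetaMask object; the method names mirror
// the capability inventory in the PROMPT_INJECTION finding above.

interface PageLike {
  url(): string;
}

interface WalletLike {
  confirmTransaction(): Promise<void>;
  approveTokenPermission(): Promise<void>;
  confirmSignature(): Promise<void>;
}

type Capability = keyof WalletLike;

interface GateDecision {
  allowed: boolean;
  origin: string | null;
  reason: string;
}

// Allowlist entries must be https origins; anything else is a config error.
function normalizeOrigin(entry: string): string {
  const u = new URL(entry);
  if (u.protocol !== "https:") {
    throw new Error(`allowlist entry must be https: ${entry}`);
  }
  return u.origin;
}

// The boundary the finding reports as absent: a signing capability may only
// run while the page sits on an exact, pre-approved dApp origin. Exact origin
// match defeats lookalike hosts, suffix tricks (allowed.host.evil.example)
// and http:// downgrades of an allowed host.
function decide(pageUrl: string, allowlist: readonly string[], cap: Capability): GateDecision {
  let origin: string;
  try {
    origin = new URL(pageUrl).origin;
  } catch {
    return { allowed: false, origin: null, reason: `unparseable page URL: ${pageUrl}` };
  }
  if (origin === "null") {
    return { allowed: false, origin, reason: "opaque origin (about:, data:, blob:)" };
  }
  if (!new Set(allowlist.map(normalizeOrigin)).has(origin)) {
    return { allowed: false, origin, reason: `${origin} is not allowlisted for ${cap}` };
  }
  return { allowed: true, origin, reason: "origin allowlisted" };
}

// Wrap the wallet so every high-privilege call re-checks the live page URL and
// leaves an audit trail; the underlying method is never reached on DENY.
function gateWallet(page: PageLike, wallet: WalletLike, allowlist: readonly string[]): WalletLike & { log: string[] } {
  const log: string[] = [];
  const guard = (cap: Capability) => async (): Promise<void> => {
    const d = decide(page.url(), allowlist, cap);
    log.push(`${cap} ${d.allowed ? "ALLOW" : "DENY"} ${d.reason}`);
    if (!d.allowed) {
      throw new Error(`refused ${cap}: ${d.reason}`);
    }
    await wallet[cap]();
  };
  return {
    confirmTransaction: guard("confirmTransaction"),
    approveTokenPermission: guard("approveTokenPermission"),
    confirmSignature: guard("confirmSignature"),
    log,
  };
}

// Counterpart to the CREDENTIALS_UNSAFE finding: the test wallet key is read
// from the environment at run time, with no hardcoded placeholder to fall back
// to, and must look like a 32-byte hex key. The variable name is an assumption.
function requireTestKey(env: Record<string, string | undefined>, name = "TEST_WALLET_PRIVATE_KEY"): string {
  const value = env[name];
  if (!value) {
    throw new Error(`${name} is not set; refusing to fall back to a placeholder key`);
  }
  const hex = value.startsWith("0x") ? value.slice(2) : value;
  if (!/^[0-9a-fA-F]{64}$/.test(hex)) {
    throw new Error(`${name} is not a 32-byte hex private key`);
  }
  return "0x" + hex.toLowerCase();
}
```

In a spec, the wrapped object replaces the raw metamask handle (gateWallet(page, metamask, ["https://app.example-dapp.test"]) with a constructed dApp origin), so a page.goto to a lookalike or an in-page redirect is caught before confirmTransaction, approveTokenPermission or confirmSignature ever reaches the wallet, and the log shows which origin each call was evaluated against. The gate is only as good as its allowlist: keep it to the exact origins the test is meant to exercise, and let a DENY fail the test rather than be caught and ignored.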
Recommendations
- AI detected serious security threats
- Contains 2 malicious URL(s) - DO NOT USE
Audit Metadata