qa-electron

Pass

Audited by Gen Agent Trust Hub on May 2, 2026

Risk Level: SAFE

Full Analysis
  • [INDIRECT_PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection by ingesting untrusted data from the application under test.
      • Ingestion points: The skill reads application log files (SKILL.md Phase 0), DOM snapshots via playwright-cli snapshot, and renderer console output.
      • Boundary markers: Absent. The instructions do not define delimiters or specific 'ignore' instructions for the data read from the tested application.
      • Capability inventory: The skill uses the Bash tool to execute arbitrary commands, including file system operations and network connectivity checks.
      • Sanitization: Absent. Data from external logs or the application's DOM is not explicitly sanitized before being processed by the agent.
  • [COMMAND_EXECUTION]: The skill instructions include numerous shell commands for environment setup, application control, and state verification (e.g., osascript, pnpm, sqlite3, jq, tail). These are legitimate within the context of a desktop application QA workflow.
  • [DYNAMIC_EXECUTION]: The skill utilizes playwright-cli eval to execute JavaScript within the Electron renderer process. This is a core feature used for inspecting application state and security configurations (e.g., checking nodeIntegration).
  • [PRIVILEGE_ESCALATION]: The skill mentions the use of sudo for the macOS log stream command but provides explicit guidance to skip this step if it prompts for credentials, minimizing the risk of unauthorized privilege acquisition.

Audit Metadata
Risk Level: SAFE
Analyzed: May 2, 2026, 03:46 PM