agent-e2e
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it is designed to ingest and execute instructions from external YAML test case files. If an agent is provided with a malicious YAML file from an untrusted source, it could be directed to perform unintended browser interactions or extract sensitive session data.
- Ingestion points: Test scenario files in YAML format (e.g., examples/github-login-error.yaml).
- Boundary markers: None identified in the prompt instructions.
- Capability inventory: The agent has access to agent-browser for navigation, form filling, clicking, and data extraction.
- Sanitization: No explicit sanitization or validation of YAML commands is described prior to execution.
- [COMMAND_EXECUTION]: The skill utilizes the agent-browser tool to perform complex browser automation tasks. This functionality is the core purpose of the skill and is documented with standard usage patterns, including state management and multi-session control.
Audit Metadata