groundwork-verify
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill generates JavaScript test files that utilize 'child_process.exec' to validate command-line interfaces. This allows the generated tests to execute system commands based on definitions found in the feature files.
- [EXTERNAL_DOWNLOADS]: The skill defines a 'package.json' for the testing environment that pulls in common dependencies from the npm registry, including '@cucumber/cucumber', 'node-fetch', and 'playwright'.
- [PROMPT_INJECTION]: The skill presents an Indirect Prompt Injection surface (Category 8) by transforming untrusted external data into executable code.
  - Ingestion points: The skill reads '.feature' files from 'docs/specs/features/' and configuration from 'docs/specs/SPEC-INTERFACE.md'.
  - Boundary markers: The skill does not implement delimiters or warnings to prevent the LLM from obeying instructions embedded within the user-provided feature descriptions.
  - Capability inventory: The generated scripts possess the ability to execute shell commands, perform HTTP requests, and control browser instances via Playwright.
  - Sanitization: There is no evidence of input validation or escaping for the strings extracted from feature files before they are interpolated into the generated test scripts.