flow-test
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes content from external or user-provided sources.
- Ingestion points: The skill reads flow definitions from
tests/e2e-test-plan.mdand processes live content from web pages navigated to via browser automation tools. - Boundary markers: There are no explicit delimiters or system-level instructions provided to the agent to distinguish between legitimate test logic and potentially malicious instructions embedded within the test plan or target web pages.
- Capability inventory: The agent utilizes powerful browser automation capabilities (e.g.,
browser_fill_form,browser_click,browser_type) which could be manipulated if the agent obeys instructions found in the data it processes. - Sanitization: The skill does not implement validation or sanitization of the content retrieved from the local test plan or the remote web application.
Audit Metadata