functional-testing
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS]: The example projects utilize standard testing frameworks, specifically
@playwright/testandcypress, which are installed from the official NPM registry. - [COMMAND_EXECUTION]: In the Playwright configuration (
playwright.config.ts), browser launch options include--disable-web-securityandignoreHTTPSErrors: true. These settings are used to bypass Same-Origin Policy (SOP) and SSL certificate validation to facilitate cross-origin testing and local development, though they decrease the security constraints of the browser instance. - [PROMPT_INJECTION]: The skill processes user-supplied functional requirements to generate test cases, creating an indirect prompt injection surface. 1. Ingestion points: User-provided requirements or system specifications provided as text input. 2. Boundary markers: The prompt template (
prompts/functional-testing.md) does not define specific delimiters or isolation blocks for the user-provided requirement variable. 3. Capability inventory: Generates detailed test plans and test case scripts which could be influenced by malicious instructions embedded in the requirements. 4. Sanitization: No explicit sanitization or validation of the requirement text is performed within the skill's instructions.
Audit Metadata