mobile-browser-workflow-to-playwright
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill's behavior and instructions are entirely consistent with its stated purpose of automating test generation. It lacks any indicators of malicious intent, such as obfuscation, persistence, or data exfiltration.
- [PROMPT_INJECTION]: The skill processes untrusted markdown content from
/workflows/mobile-browser-workflows.mdto generate executable test code. This represents a surface for indirect prompt injection, although it is a functional requirement of the tool. - Ingestion points: Workflow steps and descriptions are ingested from
/workflows/mobile-browser-workflows.md(Phase 1). - Boundary markers: No explicit delimiters or instructions to ignore embedded directives are provided in the sub-agent prompts.
- Capability inventory: The skill can read local workflows, explore the codebase for selectors, and write generated code to
e2e/mobile-browser-workflows.spec.ts. - Sanitization: No validation or sanitization is performed on the markdown content before it is processed by the AI agents.
Audit Metadata