mobile-workflow-to-playwright
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFE (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8) by processing untrusted workflow descriptions to generate executable TypeScript code.
  - Ingestion points: The skill reads external data from `/workflows/mobile-workflows.md` in Phase 1.
  - Boundary markers: There are no explicit instructions or delimiters defined to prevent the agent from obeying instructions that might be embedded within the workflow markdown files.
  - Capability inventory: The agent has the ability to write files to the repository and execute shell commands (`npm install`, `npx tsc`).
  - Sanitization: The skill lacks explicit sanitization or escaping logic for the workflow content before it is interpolated into the generated Playwright test templates.
- [COMMAND_EXECUTION]: In Phase 6, the skill performs shell operations including `npm install --ignore-scripts` and `npx tsc --noEmit`. These commands are used to initialize the generated project and verify its validity. While these are standard development tasks, they are executed within a project structure that is dynamically generated based on external, potentially untrusted, workflow data.
Audit Metadata