run-api-e2e-tests
Warn
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- COMMAND_EXECUTION (MEDIUM): The skill defines a workflow where the agent must construct a complex shell command using a variable <name-of-the-test> derived from user input. This pattern is highly susceptible to command injection (e.g., if a user provides a name like test'; touch /tmp/pwned; '). While the template uses single quotes, the instruction for the agent to manually replace the placeholder increases the risk of improper escaping or injection during command generation.
- PROMPT_INJECTION (LOW): The skill is susceptible to indirect prompt injection via the test selection process. An attacker could provide a crafted test name that attempts to manipulate the shell execution environment.
- Ingestion points: The user provides a 'specific test or feature' name which is then used to find a file and populate a command string.
- Boundary markers: The command template uses single quotes around the file glob 'src/**/<name-of-the-test>.e2e{,-ee}.ts', which provides some protection but relies on the agent's correct implementation of the substitution.
- Capability inventory: The agent can execute arbitrary shell commands via pnpm exec mocha with significant privileges (access to environment variables and the file system within apps/api).
- Sanitization: No sanitization, escaping, or validation logic is provided in the instructions to ensure the user-provided string is a valid filename and not a shell exploit.
Audit Metadata