uat-testing
Warn
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: MEDIUM
Findings: DATA_EXFILTRATION, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill accesses sensitive environment files (`.env`, `.env.local`) to identify necessary configuration for the application under test. It also explicitly prompts the user to provide plain-text credentials (email/username and password) for automated authentication flows.
- [COMMAND_EXECUTION]: The skill executes local shell commands to identify the project framework and start development servers (e.g., `npm run dev`, `ng serve`). It also uses the `git` and `gh` (GitHub CLI) tools to extract branch metadata and PR descriptions.
- [REMOTE_CODE_EXECUTION]: Utilizing Playwright MCP tools, the skill can execute arbitrary JavaScript within the browser context of the target application via the `browser_evaluate` tool, which is used for state verification and cookie management.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes unvalidated external data from multiple sources.
  - Ingestion points: Processes content from `git diff` outputs, specification documents (e.g., `specs/**/*.md`), PR descriptions, and live web page content via browser snapshots.
  - Boundary markers: No specific delimiters or boundary markers are utilized to distinguish untrusted data from the agent's core instructions.
  - Capability inventory: Possesses significant capabilities including local command execution, file system writes (`uat-test-cases.md`, `uat-results.md`), and browser automation.
  - Sanitization: No sanitization or escaping of ingested data is performed before it is used to generate or drive test cases.
Audit Metadata