Skills
skills/peachsolution/peach-harness/peach-e2e-scenario/Gen Agent Trust Hub

peach-e2e-scenario

Pass

Audited by Gen Agent Trust Hub on May 8, 2026

Risk Level: SAFECOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local shell scripts (e2e.sh) and system utilities (lsof, kill) to manage the Chrome Beta CDP environment and clean up background processes. This behavior is scoped to the specific port used for testing and is consistent with the skill's purpose.
  • [REMOTE_CODE_EXECUTION]: The skill dynamically generates and executes JavaScript files using Node.js as part of its automation workflow. This execution is performed locally on code created by the agent based on test scenarios, which is the primary function of the tool.
  • [PROMPT_INJECTION]: The skill identifies as having an attack surface for indirect prompt injection because it ingests data from web pages (DOM) to inform the generation and modification of test scripts. This is a characteristic of browser automation tools interacting with untrusted content, and the skill includes patterns for validation and error handling to manage the execution flow.
Audit Metadata
Risk Level
SAFE
Analyzed
May 8, 2026, 04:09 PM