mobile-testing
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill instructs the agent to read and follow instructions from a local file,
.agents/qa-project-context.md, to determine the tech stack and requirements. This creates a surface for indirect prompt injection if an attacker can control the contents of this file within the repository. * Ingestion points: .agents/qa-project-context.md * Boundary markers: None mentioned; the agent is directed to let this file 'shape every decision'. * Capability inventory: Execution of shell commands (npm, appium, detox) and modification of project configuration files. * Sanitization: No explicit sanitization or validation of the context file content is described. - [COMMAND_EXECUTION]: The skill includes instructions for installing tools and drivers via shell commands (e.g.,
npm install -g appium,appium driver install). These are standard operations for setting up a mobile testing environment but involve executing commands that modify the system state. - [EXTERNAL_DOWNLOADS]: The skill references configuration and setup for well-known mobile testing services, including BrowserStack and Sauce Labs. These are standard integrations for mobile automation.
Audit Metadata