compatibility-testing

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because its primary purpose is to ingest, render, and analyze external web content and code snippets, which could be manipulated to include malicious instructions.
    • Ingestion points: The skill ingests untrusted data via target URLs in SKILL.md and code inputs defined in the evals/compatibility-testing.yaml test cases.
    • Boundary markers: No explicit boundary markers or 'ignore' instructions are defined to separate ingested content from the agent's internal logic.
    • Capability inventory: The qe-test-executor and qe-visual-tester agents have capabilities for network operations and subprocess execution (e.g., running Playwright tests).
    • Sanitization: There is no evidence of input sanitization or validation of the remote content before it is processed by the agent.
  • [SAFE]: The skill appropriately references well-known and trusted third-party services such as BrowserStack, Sauce Labs, and Playwright for cross-platform automation.
  • [SAFE]: Sensitive information such as API keys is handled securely using environment variables (process.env.BROWSERSTACK_KEY) rather than being hardcoded in the skill files.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 5, 2026, 07:38 PM