e2e-flow-verifier
Pass
Audited by Gen Agent Trust Hub on Apr 19, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to generate and execute TypeScript code using the Playwright testing framework to automate browser interactions and verify application state.
- [DATA_EXFILTRATION]: The skill facilitates the collection of comprehensive diagnostic data, including HAR files (network logs), video recordings, and screenshots. This evidence may capture sensitive information such as authentication tokens, session cookies, or personal data processed during the test flows.
- [PROMPT_INJECTION]: As the agent interacts with and asserts content from external web pages, it is inherently exposed to indirect prompt injection risks where malicious instructions embedded in a target website could attempt to influence the agent's behavior.
- Ingestion points: External web content retrieved during navigation and assertions (e.g.,
page.goto,toContainText) inSKILL.md. - Boundary markers: No specific delimiters or instructions to ignore embedded content are provided in the test templates.
- Capability inventory: Full browser automation capabilities via Playwright, command execution via
npx playwright, and network request capabilities viapage.request. - Sanitization: No sanitization or validation of the content retrieved from web pages is described prior to the agent processing it for assertions.
Audit Metadata