e2e-outside-in-test-generator
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements a dedicated security module (generator/security.py) providing path validation (validate_project_root) to prevent directory traversal attacks during the project analysis phase.
- [SAFE]: It includes protection against Denial of Service (DoS) attacks, such as JSON bombs, by enforcing file size limits during JSON parsing operations.
- [SAFE]: File reading and writing operations are centralized and use path resolution to ensure all activity remains within the user's project directory.
- [SAFE]: Test generation uses a safe, string-based template system (str.format()) rather than dynamic execution functions like eval() or exec(), preventing arbitrary code injection during the rendering phase.
- [SAFE]: Credentials found in generated fixtures and documentation are clearly marked as placeholders for testing purposes and are tagged with ignore-patterns for security scanners.
- [SAFE]: The skill performs static analysis of the project structure and source code to detect frameworks and routes, avoiding the execution of the application's code.
Audit Metadata