Skills
skills/sailscastshq/boring-stack/testing/Gen Agent Trust Hub

testing

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • Indirect Prompt Injection (LOW): The skill's core functionality involves reading and executing user-provided test files. This creates a surface where malicious instructions in those files could influence agent behavior.
  • Ingestion points: Files matching tests/unit/**/*.test.js and tests/e2e/pages/*.test.js.
  • Boundary markers: None present.
  • Capability inventory: Uses node --test and npx playwright test to execute Javascript code.
  • Sanitization: None; assumes the local test files are trusted.
  • Unverifiable Dependencies & Remote Code Execution (SAFE): The instructions include installing @playwright/test and browser binaries. These are standard, reputable tools in the Javascript ecosystem.
  • Dynamic Execution (SAFE): Includes a node -e one-liner to verify the Sails.js test environment. The code executed is a static verification script and does not interpolate external data.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:39 PM