e2e-tester

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • EXTERNAL_DOWNLOADS (HIGH): The file mcp.json contains the command npx -y playwriter@latest. The @latest tag resolves to whichever version is current at run time and -y suppresses the install prompt, so this instruction downloads and executes code from the npm registry without version pinning or source verification, a high-risk supply chain vulnerability.
  • REMOTE_CODE_EXECUTION (HIGH): The skill exposes an execute tool in mcp.json and generates test scripts (Playwright/Pest) that are intended to be run. This capability, combined with the ingestion of untrusted external content, creates a direct path to executing dynamically generated malicious code.
  • PROMPT_INJECTION (LOW): The skill is vulnerable to indirect prompt injection. It uses agent-browser to scrape HTML from external URLs (the ingestion point), and that HTML is then used to determine interaction logic and code generation. There are no boundary markers or instructions to treat this data as untrusted, and the skill does not sanitize or validate the external content before processing it.
  • COMMAND_EXECUTION (MEDIUM): The skill's reference documentation (performance.md and advanced-patterns.md) includes patterns for executing arbitrary JavaScript within the browser context via page.evaluate, which could be abused to perform unauthorized actions or exfiltrate data from the browser session.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 17, 2026, 06:25 PM