qa-regression

Fail

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The skill enables an agent to interact with untrusted external web content while maintaining high-privilege capabilities, creating a significant attack surface for indirect prompt injection.
    • Ingestion points: The skill ingests data from web pages via Playwright's page.goto() and content locators (e.g., in tests/dashboard/load.spec.ts).
    • Boundary markers: There are no boundary markers or instructions to isolate untrusted page content from the agent's control logic.
    • Capability inventory: The deleteTestUser helper in tests/helpers/users.ts allows for administrative deletions via fetch using an ADMIN_TOKEN.
    • Sanitization: The skill lacks sanitization or validation of the web content it processes.
  • [External Downloads] (LOW): The skill instructs the user to install standard testing packages from the npm registry.
    • Evidence: npm install playwright @playwright/test is recommended in the setup section. These are widely used and trusted libraries from a reputable organization (Microsoft).
  • [Command Execution] (LOW): The skill uses the Playwright CLI to manage browser binaries and run test suites.
    • Evidence: Uses npx playwright test and npx playwright install for environment setup and operation.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 15, 2026, 10:20 PM