agent-e2e
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: Risk of indirect prompt injection during production site comparison workflows.
- Ingestion points: The skill instructs the agent to use tools such as read_page and find on the vendor's live site (https://home.st44.no) to verify application state.
- Boundary markers: The instructions do not define delimiters or specific safety prompts to ensure the agent ignores instructions potentially embedded in the website's HTML or content.
- Capability inventory: The agent possesses powerful tools including Bash, Write, and Edit, which could be exploited if it inadvertently follows instructions retrieved from external content.
- Sanitization: No explicit sanitization or validation logic is defined for data retrieved from the live site before it is used to influence test code generation or command-line actions.
- [COMMAND_EXECUTION]: Use of system-level commands for infrastructure management.
- Evidence: The documentation provides commands for process termination (taskkill), network state inspection (netstat), and database container interaction (docker exec). While these are standard for managing an end-to-end testing environment, they represent high-privilege operations.
Audit Metadata