e2e-testing
Warn
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, PROMPT_INJECTION, CREDENTIALS_UNSAFE
Full Analysis
- [COMMAND_EXECUTION]: The helper script `scripts/with_server.py` uses `subprocess.Popen` with `shell=True` to execute arbitrary commands passed via the `--server` argument. This allows for the execution of any system command, which could be exploited if an attacker can influence the input to this script.
- [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection because it is designed to browse, inspect, and extract data from external web applications using Playwright. Attackers could place malicious instructions in HTML content, meta tags, or hidden elements to attempt to override the agent's behavior during reconnaissance phases.
  - Ingestion points: `page.goto(url)` and element discovery logic in `references/patterns.md` and `SKILL.md`.
  - Boundary markers: None identified in the provided scripts to distinguish between web content and agent instructions.
  - Capability inventory: Ability to execute shell commands (via `with_server.py`), write to the filesystem (screenshots), and perform network operations (Playwright navigation).
  - Sanitization: No sanitization of page content is performed before element inspection or screenshotting.
- [CREDENTIALS_UNSAFE]: The documentation and examples (e.g., `references/patterns.md` and `SKILL.md`) encourage the use of environment variables like `TEST_PASSWORD` and `ADMIN_PASSWORD`. While these are standard practices for testing, they indicate the agent will handle sensitive authentication credentials at runtime.
Audit Metadata