Skills
skills/vamdawn/ai-forge/e2e-run/Gen Agent Trust Hub

e2e-run

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes project-defined testing scripts and build tasks using package managers (npm, pnpm, yarn, bun) and build systems (make, turbo, nx).
  • [COMMAND_EXECUTION]: Employs the kill command to manage and terminate service processes that were explicitly started by the skill during a test run to prevent environment pollution.
  • [EXTERNAL_DOWNLOADS]: Utilizes curl to perform network reachability checks and retrieve local HTML content when validating project specifications in specification-driven mode.
  • [PROMPT_INJECTION]: Incurs a risk of indirect prompt injection by processing instructions from local Markdown specification files to drive browser interactions via agent-browser.
  • Ingestion points: Processes Markdown files found in project directories such as specs/e2e/, docs/e2e/, and tests/e2e/specs/.
  • Boundary markers: No explicit delimiters or 'ignore' instructions are used to distinguish specification data from potential embedded commands when parsing these files.
  • Capability inventory: The execution environment provides access to agent-browser, Bash, Write, and curl tools.
  • Sanitization: No sanitization or safety filtering of the ingested Markdown content is performed before it is used to guide the browser agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 29, 2026, 06:19 AM