e2e-testing
Warn
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches the @playwright/test package from the NPM registry if it is missing. This is a standard dependency installation from a well-known service.
- [COMMAND_EXECUTION]: Generates and runs test code using npx playwright test based on user flows extracted from plan.md. This involves the execution of code assembled at runtime from local file content.
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection via the plan.md file.
- Ingestion points: User flows are extracted from plan.md (SKILL.md).
- Boundary markers: No markers or explicit instructions are provided to prevent the agent from following instructions embedded within plan.md.
- Capability inventory: The skill can execute shell commands via npx and write results to the file system in verified.md.
- Sanitization: No sanitization or validation of the input data from plan.md is performed before it is used to generate executable tests.
Audit Metadata