e2e-testing

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
PROMPT_INJECTION, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION] (HIGH): The AI-assisted test generation and self-healing features create a critical Indirect Prompt Injection (Category 8) surface.
      • Ingestion points: The agent is designed to read test plans from the specs/ directory (Markdown files) and analyze test failure logs to generate or repair code.
      • Boundary markers: Absent. There are no delimiters or instructions provided to the agent to disregard instructions embedded within the untrusted test specifications.
      • Capability inventory: The agent can create new files (tests/seed.spec.ts), modify existing source code (auto-repair), and execute arbitrary commands via the shell (npx), allowing an attacker to achieve code execution via malicious test specs.
      • Sanitization: Absent. External content is processed directly to influence the logic of generated test scripts.
  • [COMMAND_EXECUTION] (HIGH): The scripts/create-page-object.md script uses the ! syntax to perform shell-based environment discovery (e.g., find, grep, wc). This arbitrary command execution capability is user-invocable and poses a risk of local command injection if input parameters are not strictly validated.
  • [REMOTE_CODE_EXECUTION] (MEDIUM): Documentation promotes the use of npx playwright init-agents, which downloads and executes arbitrary code from the npm registry at runtime, introducing a risk of executing unvetted remote code.
  • [EXTERNAL_DOWNLOADS] (LOW): The skill relies on external Node.js packages including @playwright/test and @axe-core/playwright. While these are standard tools, the skill's own execution logic remains the primary high-severity concern.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 12:14 AM