skill-tester
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): Operation 2 ('Example Validation') instructs the agent to 'Execute each example' extracted from external SKILL.md files. Since the skill is granted the Bash tool, this allows for the execution of any arbitrary shell commands present in the documentation of the skill being tested.
- [REMOTE_CODE_EXECUTION] (MEDIUM): The combination of the instruction to execute extracted code with the availability of Bash and WebFetch tools creates a significant risk of remote code execution. Malicious code examples could be used to download and run scripts from external servers during the testing process.
- [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection (Category 8) as it processes instructions and code from untrusted external skill files without adequate safety boundaries or sanitization.
  - Ingestion points: Data enters the system from the SKILL.md files being tested.
  - Boundary markers: Absent; there are no specified markers or instructions to isolate the tester's logic from the content being tested.
  - Capability inventory: The agent has access to powerful tools including Bash, Write, Edit, and WebFetch.
  - Sanitization: Absent; the skill does not perform any validation, escaping, or filtering of the examples before execution.
Audit Metadata