testing-validator
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, REMOTE_CODE_EXECUTION)
Full Analysis
- COMMAND_EXECUTION (MEDIUM): The skill documentation states it 'Executes bash/python examples' found in the target skill directory. This allows for arbitrary command execution on the host machine where the validator is run.
- REMOTE_CODE_EXECUTION (MEDIUM): If this tool is pointed at a repository or skill folder containing malicious code in its examples (a common vector for indirect prompt injection or supply chain attacks), it will execute that code automatically.
- DYNAMIC_EXECUTION (MEDIUM): The tool performs runtime execution of scripts generated or extracted from non-executable data files (Markdown), which is a high-risk dynamic execution pattern.
- INDIRECT_PROMPT_INJECTION (LOW): The tool is highly vulnerable to malicious instructions embedded in the data it processes.
- Ingestion points: Reads markdown files and examples from user-provided paths.
- Boundary markers: None mentioned in documentation to distinguish between safe and unsafe code blocks.
- Capability inventory: Capable of executing shell commands and Python scripts via subprocess or similar.
- Sanitization: No evidence of sanitization, escaping, or code validation before execution.
Audit Metadata