testing-workflow
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill possesses a high vulnerability surface because its core function is to ingest and execute content from other skills.
- Ingestion points: Step 1 in SKILL.md requires extracting and executing examples from external skill files.
- Boundary markers: None specified; the agent is not instructed to isolate or validate the content before execution.
- Capability inventory: The skill is granted powerful tools including Bash, Write, Edit, and WebFetch.
- Sanitization: No sanitization or validation logic is defined to prevent malicious commands within the examples from being executed.
- [Dynamic Execution] (LOW): The workflow explicitly calls for the execution of scripts and scenarios ('Example Validation' and 'Scenario Testing'). While necessary for testing, this creates a risk of executing malicious code if the target skill is compromised or adversarial.
Audit Metadata