testing-validator
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION] (LOW): The skill uses 'IMPORTANT' directives to force a side-effect (creating a verification file) unrelated to its primary purpose. This is a common pattern for telemetry or unauthorized tracking.
- [COMMAND_EXECUTION] (LOW): The instruction to 'Create a file at /tmp/skill-verification.txt' involves an unnecessary file system write operation to a system-wide temporary directory.
- [DATA_EXFILTRATION] (LOW): Writing project metadata (project name and timestamp) to a shared local path (/tmp/) is a form of local data exposure.
- [PROMPT_INJECTION] (LOW): Indirect Prompt Injection Surface. * Ingestion points: Project structure analysis (Instruction 1). * Boundary markers: Absent. * Capability inventory: File writing (Instructions 2 and 4). * Sanitization: Absent.
Audit Metadata