Skills
skills/blitzer207/blitzer-skills/ecutest-api-skill/Gen Agent Trust Hub

ecutest-api-skill

Pass

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The helper script scripts/scan_docs.py is designed to execute the ripgrep (rg) utility to facilitate fast documentation searches. The script implementation uses subprocess.run with a list of arguments and avoids the use of shell=True, which is a secure pattern that prevents command injection.
  • [SAFE]: The skill operates entirely on local application files (ecu.test installation directories) as configured by the user via environment variables or a .env file. There are no network operations, credential exposures, or obfuscated code segments detected in the provided files.
  • [PROMPT_INJECTION]: The skill reads and processes external data in the form of local HTML and RST documentation. While this creates a surface for indirect prompt injection, it is considered safe in this context as the data source is the local installation of a trusted software product.
  • Ingestion points: Documentation files read by scripts/scan_docs.py and scripts/search_api.py.
  • Boundary markers: None present in tool output.
  • Capability inventory: Local file reads and subprocess.run for rg searches.
  • Sanitization: Standard regex and string matching used for searching without content sanitization.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 3, 2026, 02:58 AM