manual-testing
Warn
Audited by Gen Agent Trust Hub on Apr 19, 2026
Risk Level: MEDIUM
Tags: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill is fundamentally designed to parse and run arbitrary shell commands, such as curl, psql, and docker, which are extracted from Markdown test files. SKILL.md section 5.2 explicitly directs agents to follow these instructions exactly as written without improvisation.
- [REMOTE_CODE_EXECUTION]: By executing code and logic defined in repository data files (TC-*.md), the skill creates a vector for Remote Code Execution if these files are authored or modified by an untrusted party.
- [EXTERNAL_DOWNLOADS]: Reference files provide instructions for using package managers and container tools (e.g., npm, pip, Docker) that download code and images from external, public registries.
- [CREDENTIALS_UNSAFE]: The skill instructions describe a workflow where the main agent identifies and passes sensitive authentication tokens, such as API keys and database passwords, to subagents for execution.
- [PROMPT_INJECTION]: The skill presents a large surface for indirect prompt injection. It ingests instructions from external test case files and executes them with high privileges (shell access, database manipulation) without any specified sanitization or validation of the extracted commands.
Audit Metadata