skills/brikev/twd/twd-tester/Gen Agent Trust Hub

twd-tester

Warn

Audited by Gen Agent Trust Hub on Feb 20, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill utilizes npx twd-relay. The npx utility downloads and executes packages from the public npm registry at runtime if they are not already installed locally. The twd-relay package is not from a recognized trusted organization or repository.
  • COMMAND_EXECUTION (LOW): The skill is granted permission to execute shell commands via Bash(npx twd-relay run:*). While restricted to the twd-relay binary, this still allows the agent to trigger external process execution.
  • PROMPT_INJECTION (LOW): (Category 8) The skill has an indirect prompt injection surface because it reads untrusted data from the filesystem (components and existing tests) and uses that information to drive its code-generation and testing actions.
      • Ingestion points: Reads *.twd.test.ts and other project files using Read, Glob, and Grep tools.
      • Boundary markers: The skill lacks explicit boundary markers or instructions to disregard embedded commands in the files it reads.
      • Capability inventory: The agent can write to the filesystem and execute bash commands.
      • Sanitization: Content read from the filesystem is not sanitized or escaped before being incorporated into the agent's reasoning context.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 20, 2026, 04:13 PM