team-testing

Pass

Audited by Gen Agent Trust Hub on Apr 17, 2026

Risk Level: SAFE
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to run git commands (git diff) and test runners (npx jest, pytest, etc.) to analyze changes and verify code quality.
  • [REMOTE_CODE_EXECUTION]: The skill performs dynamic code execution by generating test scripts and running them on the host system. It also uses the maestro delegate CLI tool to generate and apply code fixes via an LLM-backed 'write' mode.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from the local environment and interpolates it into prompts for agents and tools.
      1. Ingestion points: Git diff output in roles/strategist/role.md, source code in roles/generator/role.md, and test failure logs in roles/executor/role.md.
      2. Boundary markers: Absent; the skill does not use delimiters or instructions to ignore embedded commands in the processed data.
      3. Capability inventory: Bash for command execution, Write/Edit for file system changes, and Agent spawning for task delegation.
      4. Sanitization: None; ingested data is used raw in prompts.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 17, 2026, 01:12 AM