test-case-organizer
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION)
Full Analysis
- COMMAND_EXECUTION (MEDIUM): The skill relies on 'scripts/organize_tests.py' to perform its core functions. Because the script source code is not included in the skill definition, it is impossible to verify its actions, such as whether it performs unauthorized file access or network operations.
- DYNAMIC_EXECUTION (MEDIUM): The workflow involves refactoring business code and then executing the modified tests using the '--execute' flag. This 'modify-then-run' pattern is a security risk as it could lead to the execution of malicious or broken code created during the automated refactoring process.
- INDIRECT_PROMPT_INJECTION (LOW): The skill ingests untrusted business code files to identify test patterns.
  1. Ingestion point: Business code files processed by the organizer script.
  2. Boundary markers: None identified in instructions.
  3. Capability inventory: Local script execution and file system modification.
  4. Sanitization: None mentioned.

  This creates a surface where malicious instructions embedded in business code could influence the organizer script or agent behavior.