Testing Strategist
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION] (SAFE): The skill instructions and metadata do not contain any patterns typical of prompt injection, such as 'ignore previous instructions' or attempts to bypass safety filters.
- [DATA_EXFILTRATION] (SAFE): No access to sensitive file paths (e.g., SSH keys, credentials) or network operations to non-whitelisted domains were detected.
- [EXTERNAL_DOWNLOADS] (LOW): The skill facilitates the installation of standard, well-known testing frameworks (Jest, Playwright, Vitest) via official package managers (npm, pip). Per [TRUST-SCOPE-RULE], these are considered low-risk as they are necessary for the skill's primary purpose.
- [COMMAND_EXECUTION] (LOW): The skill executes common development commands like
npm testandnpx playwright test. These actions are transparently documented as part of the testing workflow. - [INDIRECT_PROMPT_INJECTION] (LOW): The skill ingests local source code to create tests, which is a potential ingestion point for adversarial content. However, this is inherent to the skill's purpose, and no specific vulnerabilities or lack of sanitization were noted beyond the standard risk associated with processing user-provided code.
Audit Metadata