integrate-playground
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill contains instructions to execute various shell commands including
pytestfor contract testing,streamlit runfor launching the UI, and recursivefindcommands to clean up Python cache files. These represent a standard developer execution surface. - [EXTERNAL_DOWNLOADS] (LOW): The guide references
pipanduvfor dependency management. While these tools can download external code, the instructions specifically target local installation (pip install -e .) and execution within the project environment. - [DYNAMIC_EXECUTION] (LOW): The troubleshooting guide mentions
importlib.reloadas a method for clearing module caches. While this is a form of dynamic loading, it is explicitly described as "not recommended" and is a standard Python development technique, thus the severity is minimized. - [INDIRECT_PROMPT_INJECTION] (LOW): The skill uses "token efficiency" as a justification to steer the agent away from reading the original source code, encouraging reliance on the provided reference files instead. This creates a surface where the agent might adopt the skill's claims over the ground truth of the codebase.
- Ingestion points: Reference markdown files provided in the skill.
- Boundary markers: Absent; the agent is not instructed to verify the skill's reference files against the source.
- Capability inventory: Subprocess execution (tests, app), file system cleanup (
rm). - Sanitization: None; the agent is conditioned to trust the skill's mapping table to save tokens.
Audit Metadata