testing
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADS
Full Analysis
- EXTERNAL_DOWNLOADS (LOW): The skill recommends installing several external Node.js packages to set up the testing environment. While these are appropriate for the skill's primary purpose of testing Midnight contracts, the organizations are not within the explicitly trusted list.
- Evidence:
npm install -D @midnight-ntwrk/compact-simulator vitestinSKILL.md. - Evidence:
npm install -D @midnight-ntwrk/compact-simulator @midnight-ntwrk/midnight-js-network-id vitestinreferences/simulator-setup.md. - INDIRECT_PROMPT_INJECTION (LOW): The skill is designed to ingest and process contract artifacts (e.g.,
contract.json), which could potentially contain malicious instructions if provided by an adversary. However, the current scope is limited to unit testing logic. - Ingestion points: Loading
contract.jsonorcontractArtifactinSKILL.mdandreferences/simulator-setup.md. - Boundary markers: None present to delimit or ignore instructions within the contract artifacts.
- Capability inventory: Includes executing tests via
npm testas described inSKILL.md. - Sanitization: No evidence of sanitization for ingested contract data.
- COMMAND_EXECUTION (SAFE): The skill includes standard commands for running tests, which is consistent with its stated purpose.
- Evidence:
npm testinstructions inSKILL.md.
Audit Metadata