testing
Pass
Audited by Gen Agent Trust Hub on May 4, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [SAFE]: The skill is a utility designed to validate the structure and frontmatter of other skills within a repository. No malicious patterns, data exfiltration, or obfuscation techniques were detected.
- [COMMAND_EXECUTION]: The skill documentation references running 'bun test' for automated conformance testing. This involves executing a well-known JavaScript runtime/test-runner on local project files, which is consistent with the skill's stated purpose.
- [PROMPT_INJECTION]: The skill processes instructions and metadata from external SKILL.md files, representing an indirect prompt injection surface:
- Ingestion points: Walks local subdirectories and parses multiple 'SKILL.md' files.
- Boundary markers: No explicit delimiters or instruction-ignore warnings are specified for the ingested content.
- Capability inventory: Includes 'search', 'list_pages', and local command execution via 'bun'.
- Sanitization: Content is parsed for validation without explicit sanitization or filtering of embedded instructions.
Audit Metadata