skill-test
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill automates the discovery and installation of external packages using the
npx skills addcommand, which fetches data from the well-knownskills.shregistry. - [COMMAND_EXECUTION]: It performs system-level operations to install skills and dynamically invokes them using the platform's skill execution tools to perform quality testing.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface. It ingests untrusted data from the
find-skillstool results and third-party skill documentation. There are no explicit boundary markers or sanitization logic mentioned to prevent instructions within third-party skills from overriding the agent's testing logic. The skill documents ingestion points in SKILL.md and includes capabilities for file installation and dynamic code execution, though it claims to prompt for user confirmation before installation.
Audit Metadata