helpmetest-self-heal

Pass

Audited by Gen Agent Trust Hub on Mar 21, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill ingests untrusted data from test logs and error messages which could contain malicious instructions designed to hijack the agent's workflow.
  • Ingestion points: Data entering the agent via listen_to_events and helpmetest_status (SKILL.md).
  • Boundary markers: None present to distinguish between test logs and agent instructions.
  • Capability inventory: helpmetest_run_interactive_command (executes shell commands), helpmetest_upsert_test (modifies test files), and helpmetest_run_test (executes code).
  • Sanitization: No evidence of validation or sanitization of ingested test data before it is interpolated into prompts or used as input for command-execution tools.
  • [COMMAND_EXECUTION]: Dynamic Command and Code Execution. The skill uses helpmetest_run_interactive_command to interactively investigate failures and helpmetest_upsert_test to modify test files. While this is the primary purpose of a test-healing agent, it provides a high-privilege execution environment that could be exploited if the agent is influenced by malicious test output.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 21, 2026, 11:50 PM