helpmetest-test-generator
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill processes untrusted data from external 'Feature artifacts' to derive test scenarios and generate executable code. This creates a surface where malicious instructions embedded in the artifacts could influence the agent's behavior.
  1. Ingestion points: The skill reads feature definitions via the helpmetest_get_artifact tool in Phase 1.
  2. Boundary markers: There are no explicit instructions to the agent to ignore or delimit embedded natural language instructions within the artifacts.
  3. Capability inventory: The skill can create and modify files (helpmetest_upsert_test), execute code (helpmetest_run_test), and perform interactive browser debugging.
  4. Sanitization: No sanitization or validation of the artifact content is specified before it is used to generate test logic.
- [COMMAND_EXECUTION]: Dynamic Test Generation and Execution. The skill dynamically constructs Robot Framework test scripts from scenario data and executes them using helpmetest_run_test. While this is the intended primary function of the skill, it constitutes a dynamic execution surface that processes variable input from artifacts.
- [EXTERNAL_DOWNLOADS]: The skill utilizes vendor-provided infrastructure for testing services, including the fakemail.helpmetest.com domain for email verification tasks. These are documented as legitimate vendor resources and do not represent unauthorized data exfiltration.