helpmetest
Warn
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: MEDIUM (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an Indirect Prompt Injection surface. It ingests untrusted data from external websites provided by the user during the discovery phase (references/phases/phase-1-discovery.md) and enumeration phase (references/phases/phase-2-enumeration.md). This data is used to document features and generate test scenarios. Malicious instructions embedded in the target website's content could potentially influence the agent's behavior during test generation or execution.
  * Ingestion points: Target website content analyzed during Phase 1 and Phase 2.
  * Boundary markers: None identified in the provided instructions to distinguish website data from agent instructions.
  * Capability inventory: Uses helpmetest_run_interactive_command, helpmetest_upsert_test, and helpmetest_run_test to interact with the environment and execute code.
  * Sanitization: Not explicitly present in the skill files.
- [COMMAND_EXECUTION]: The skill performs dynamic execution by generating test scripts (e.g., Robot Framework syntax as illustrated in references/phases/phase-2-enumeration.md) via the helpmetest_upsert_test tool and subsequently executing them with helpmetest_run_test. While this is the primary purpose of the skill, it represents a dynamic code generation and execution pattern where scripts are assembled and run at runtime based on the interactive discovery of features from potentially untrusted sources.
Audit Metadata