test-audit
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Indirect Prompt Injection (SAFE): The skill is designed to ingest and analyze external test code, which is a known surface for indirect prompt injection. However, the risk is classified as SAFE because the skill instructions do not grant the agent any dangerous capabilities such as file-writing, network communication, or code execution. Ingestion points: User-provided file paths and project-wide directory scans (SKILL.md, Step 1). Boundary markers: Not explicitly defined in the prompt instructions. Capability inventory: The skill is limited to providing text-based audit reports and summaries. Sanitization: No sanitization logic is present for the analyzed content.
- No Code (SAFE): This skill consists entirely of Markdown instructions and reference material; no executable Python or JavaScript code is provided.
Audit Metadata