opentester
Fail
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill's Linux installation script suggests a usage pattern that involves piping remote content directly from a URL to the bash interpreter. Evidence:
install.shcontains a usage comment suggestingcurl -fsSL https://raw.githubusercontent.com/kznr02/OpenTester/main/opentester-skills/install.sh | bash. - [COMMAND_EXECUTION]: The skill provides the ability to execute arbitrary shell commands via its YAML-based DSL for test automation. Evidence:
SKILL.mdandREFERENCE.mddocument theexecaction for CLI targets, which executes a user-generatedcommandstring. - [EXTERNAL_DOWNLOADS]: Installation scripts for both Windows and Linux download core skill components and examples from the author's GitHub repository at runtime. Evidence:
install.shandinstall.ps1fetch files fromgithub.com/kznr02/OpenTester. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it ingests untrusted data (local code changes and instructions) to generate executable tests.
- Ingestion points: The agent reads local source code and Git diffs to understand changes as described in
SKILL.mdworkflows. - Boundary markers: The YAML DSL provides structure, but there are no explicit prompt-level instructions to ignore malicious instructions embedded in the code being analyzed.
- Capability inventory: Command execution is available through the
run_caseandrun_projecttools. - Sanitization: No sanitization or content validation is mentioned before the input is used to generate executable YAML steps.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/kznr02/OpenTester/main/opentester-skills/install.sh - DO NOT USE without thorough review
Audit Metadata