postman-newman-automation

Pass

Audited by Gen Agent Trust Hub on Apr 24, 2026

Risk Level: SAFE
Flags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user to install well-known API testing tools from the standard NPM registry.
      ◦ Evidence: Recommends installing newman and newman-reporter-htmlextra using npm install -g.
  • [COMMAND_EXECUTION]: The skill generates shell scripts and Jenkinsfile pipelines intended to run the newman command for API testing.
      ◦ Evidence: Provides reusable bash scripts and Groovy pipeline scripts that execute the newman run command with various parameters for collection execution and reporting.
  • [CREDENTIALS_SAFE]: The generated scripts use secure patterns for handling sensitive information such as API keys and environment files.
      ◦ Evidence: Recommends using the Jenkins credentials store (credentials('id')) and environment variable placeholders ({{POSTMAN_API_KEY}}) instead of hardcoding secrets.
  • [INDIRECT_PROMPT_INJECTION]: The skill identifies a surface for processing external data files which could theoretically contain malicious instructions, though it currently only generates the execution logic.
      ◦ Ingestion points: Processes external files such as collection.json, environment.json, and test-data.csv in SKILL.md.
      ◦ Boundary markers: Absent from the generated command templates.
      ◦ Capability inventory: Executes subprocesses via the newman CLI tool.
      ◦ Sanitization: None explicitly defined for file paths or URLs; relies on the user to provide valid testing assets.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 24, 2026, 03:03 PM