configure-load-tests
Fail
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: HIGH (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the Bash tool to perform system discovery and software installation, which can lead to unintended side effects on the host environment.
- [COMMAND_EXECUTION]: Installation templates in REFERENCE.md explicitly use 'sudo' to add GPG keys to system directories and install packages via apt-get, representing a privilege escalation vector if executed by the agent.
- [EXTERNAL_DOWNLOADS]: The skill is designed to fetch software binaries and security keys from external remote servers (dl.k6.io and keyserver.ubuntu.com) without verifying the integrity of the downloaded content.
- [REMOTE_CODE_EXECUTION]: Generated test scenarios import executable JavaScript directly from a third-party GitHub repository (benc-uk/k6-reporter), leading to the execution of unverified remote code within the k6 environment.
Recommendations
- AI detected serious security threats