ln-522-manual-tester
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructions specify a fallback mechanism to fetch reference documentation from a remote GitHub repository (
https://raw.githubusercontent.com/levnikolaevich/claude-code-skills/master/skills/) using theWebFetchtool if local files are unavailable. This repository belongs to the skill's author. - [COMMAND_EXECUTION]: The skill's primary workflow involves creating bash scripts within the target project's
tests/manual/directory, modifying their permissions usingchmod +x, and executing them via theMonitororBashtools to verify acceptance criteria. - [REMOTE_CODE_EXECUTION]: The skill dynamically generates shell scripts which are then executed. This behavior is intended for testing purposes but represents a capability for running arbitrary code generated by the agent.
- [PROMPT_INJECTION]: There is an attack surface for indirect prompt injection as the skill processes data from untrusted sources, including Story descriptions (Acceptance Criteria),
infrastructure.md, andrunbook.md. - Ingestion points: Story AC, project infrastructure documentation, and project runbooks.
- Boundary markers: Absent; the skill interpolates this data directly into the logic used to generate bash scripts.
- Capability inventory: File system writes, permission modification (
chmod), and shell command execution (Bash,Monitor). - Sanitization: No explicit validation or escaping of input data is defined before it is used in script generation.
Audit Metadata