tool-chain-test

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill creates a surface for indirect prompt injection by defining workflows that ingest untrusted fixture data from the filesystem and pass it to automated tools such as OCR and security scanners.
  • Ingestion points: Files in the tests/fixtures/ directory including images, PDFs, and text files.
  • Boundary markers: None implemented in the provided test templates to isolate untrusted content from instructions.
  • Capability inventory: The skill manages MCP server lifecycles as child processes and provides a callTool interface to interact with filesystem and data tools.
  • Sanitization: No evidence of sanitization or validation of the input fixture data prior to tool processing.
  • [COMMAND_EXECUTION]: The TestHarness utility is described as starting and stopping MCP servers as child processes and executing the test runner via npx vitest.
  • [DATA_EXFILTRATION]: The skill includes instructions for testing security tools by scanning sensitive local files, such as .env files and documents containing simulated PII, for reconciliation and auditing purposes.
  • [EXTERNAL_DOWNLOADS]: The documentation suggests using vitest, a well-known test runner, which may be fetched and executed through the npx package runner.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 29, 2026, 06:32 AM