Skills
skills/michaelmerrill/skills/test/Gen Agent Trust Hub

test

Pass

Audited by Gen Agent Trust Hub on Mar 28, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests data from untrusted or attacker-modifiable project files to drive its logic.
  • Ingestion points: Reads project-level documentation including tdd.md, plan.md, spec.md, and prd.md in the SKILL.md file.
  • Boundary markers: The instructions lack the use of delimiters or specific warnings to ignore embedded instructions within the ingested markdown files.
  • Capability inventory: The skill has permissions to write files to the repository and execute system commands to run test suites.
  • Sanitization: There is no logic provided to sanitize or validate the content of the markdown files before processing.
  • [COMMAND_EXECUTION]: The skill executes local commands to run test suites (e.g., via a test runner discovered in the project). This behavior is the intended primary function of the tool and is considered safe within the context of a testing utility provided it operates on local files.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 28, 2026, 10:31 PM