activitypub-testing
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): No instructions attempting to override agent behavior or bypass safety guidelines were found.
- [Data Exposure & Exfiltration] (SAFE): No hardcoded credentials or access to sensitive local files (e.g., SSH keys, AWS configs) were identified. Network requests in examples are limited to localhost.
- [Remote Code Execution] (SAFE): The skill does not perform remote script execution or download untrusted packages. It references standard local npm scripts for testing.
- [Obfuscation] (SAFE): No encoded strings, hidden characters, or homoglyphs were found in the provided files.
- [Indirect Prompt Injection] (LOW):
  - Ingestion points: Test examples in `SKILL.md` process JSON responses from `/.well-known/webfinger`.
  - Boundary markers: Absent in code snippets.
  - Capability inventory: The skill describes using `npm run` to execute test suites which involves subprocess calls.
  - Sanitization: None shown in the documentation snippets, but the risk is localized to the test environment.
Audit Metadata