generating-test-data
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface by converting user-specified schemas into executable scripts.
- Ingestion points: User-provided schemas, formats, and data requirements in SKILL.md.
- Boundary markers: No explicit markers or instructions are used to separate user input from the script generation logic.
- Capability inventory: The skill uses Bash, Write, and Edit tools to create and execute data-generation scripts.
- Sanitization: There is no evidence of input validation or sanitization to prevent malicious code from being injected into the generated scripts.
- [COMMAND_EXECUTION]: The skill uses the Bash tool to execute Node.js or Python scripts that are generated at runtime, which is a powerful capability that depends on the integrity of the generation process.
Audit Metadata