minitap-testing-flows
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill README includes installation steps referencing the author's official repository (minitap-ai/agent-skills) via npx. This is a standard and expected download path for vendor-provided skills.
- [REMOTE_CODE_EXECUTION]: The installation command uses npx to execute code from the vendor's repository, which is a common and trusted deployment method for this skill author.
- [PROMPT_INJECTION]: The skill analyzes external codebase data to generate testing templates, creating an attack surface for indirect prompt injection.
  1. Ingestion points: Analysis of project source files and interaction with the testing-service MCP.
  2. Boundary markers: There are no specific delimiters used to isolate code content from agent instructions.
  3. Capability inventory: The agent has the ability to create, update, and delete flow templates through the provided MCP tools.
  4. Sanitization: The instructions do not specify any validation or sanitization steps for content derived from the codebase.