ai-assisted-testing

Pass

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No security issues were detected. The skill primarily consists of instructional prompts and local Python scripts for document format conversion.
  • [COMMAND_EXECUTION]: The Python scripts in the scripts/ directory utilize subprocess.call to execute sibling scripts (e.g., convert_formats.py). This is used for modularizing the conversion logic and is considered safe as it only invokes known local files using the system's Python interpreter.
  • [PROMPT_INJECTION]: The skill has a theoretical attack surface for indirect prompt injection as it processes external data files (CSV, JSON, DOCX, etc.). However, the risk is minimal as the scripts are standard Python utility code and the prompts include structure for delimiting content.
      • Ingestion points: Files are read from the output-templates/ directory and user-provided paths by scripts/convert_formats.py and scripts/parse_formats.py.
      • Boundary markers: The prompt in prompts/ai-assisted-testing.md utilizes Markdown headers and code blocks to separate instructions from data.
      • Capability inventory: The skill can read/write local files and execute local Python scripts via subprocess.
      • Sanitization: The normalize function in scripts/convert_formats.py provides basic data truncation and type checking before conversion.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 13, 2026, 02:35 PM