manual-testing
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides Python scripts in the scripts/ directory (such as batch_convert_templates.py and convert_formats.py) to handle test report conversions. These scripts use the subprocess module to chain execution, which is part of the intended local file-handling functionality provided by the author.
- [PROMPT_INJECTION]: This skill presents a surface for indirect prompt injection because it processes user-supplied testing requirements. Ingestion points: Data input via prompts/manual-testing.md. Boundary markers: The prompt lacks explicit delimiters to isolate user input. Capability inventory: The skill can execute local Python scripts. Sanitization: Input requirements are processed without validation or filtering.
Audit Metadata