mobile-testing-en

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Utility scripts such as batch_convert_templates.py and several wrapper scripts use subprocess.call to execute other local Python scripts for format conversion and data parsing tasks.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it is designed to ingest and process content from various external file types (Word, Excel, XMind, etc.) for use in test plan generation.
    • Ingestion points: scripts/convert_formats.py and scripts/parse_formats.py read data from files with .docx, .xlsx, .xmind, .json, and .csv extensions.
    • Boundary markers: The scripts do not implement boundary markers or instructions to the AI agent to ignore potentially malicious content within the processed files.
    • Capability inventory: The skill provides capabilities for local file read/write operations and execution of local Python scripts.
    • Sanitization: No sanitization or filtering logic is present to validate the content extracted from external files before it is processed.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 12, 2026, 10:48 PM