mobile-testing
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is designed to design mobile test plans by processing untrusted application requirements and context.
- Ingestion points: User-provided mobile application requirements, platform features, and test goals are ingested through the 'mobile-testing.md' prompt.
- Boundary markers: The prompt does not utilize explicit delimiters (such as triple quotes) or specific instructions to isolate or ignore instructions that might be embedded within the provided application requirements.
- Capability inventory: The skill environment includes scripts ('convert_formats.py', 'parse_formats.py') capable of file system operations (read/write), archive processing (unzipping), and subprocess execution.
- Sanitization: There is no implementation of input validation or sanitization for the requirements data before it is processed by the agent.
- [COMMAND_EXECUTION]: Python scripts within the 'scripts/' directory (e.g., 'batch_convert_templates.py' and its wrappers) utilize 'subprocess.call' to execute local Python scripts using 'sys.executable' for format conversion and parsing tasks. While this is localized and uses list-based arguments to prevent shell injection, it constitutes dynamic execution of scripts within the skill's file structure.
Audit Metadata