security-testing-en
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill defines a persona for a 'Senior Security Testing Expert' through a markdown prompt. This prompt is designed for professional use and does not include any instructions to override safety guidelines, bypass constraints, or exfiltrate system instructions.
- [COMMAND_EXECUTION]: The package includes Python scripts (e.g.,
batch_convert_templates.py,convert_formats.py) that facilitate the conversion of testing results between formats like JSON, CSV, and Excel. While these scripts usesubprocess.callto invoke other local Python scripts, the execution is strictly limited to known local files for the purpose of format parsing and does not process untrusted shell commands. - [DATA_EXFILTRATION]: Analysis of the source code and prompts confirms that the skill does not access sensitive system paths (such as SSH keys or environment variables) or perform unauthorized network requests. Placeholders are used consistently in examples that involve credentials or URLs.
- [EXTERNAL_DOWNLOADS]: The documentation references industry-standard tools like OWASP ZAP, Burp Suite, and Docker. However, the skill does not automate the downloading or execution of remote scripts. It provides informational guidance rather than active remote deployment mechanisms.
Audit Metadata