Skills
skills/naodeng/awesome-qa-skills/security-testing/Gen Agent Trust Hub

security-testing

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill downloads the official OWASP ZAP Docker image (owasp/zap2docker-stable) for security testing purposes, which is a recognized and standard tool for web vulnerability scanning.
  • [COMMAND_EXECUTION]: Bash scripts in the examples/owasp-zap-scan/ directory, such as run-scan.sh, use the docker run command to execute security scans against target URLs.
  • [COMMAND_EXECUTION]: Various Python scripts in the scripts/ directory (e.g., batch_convert_templates.py) utilize subprocess.call to invoke local format conversion and parsing utilities.
  • [PROMPT_INJECTION]: The skill's main prompt in prompts/security-testing.md is designed to process external application information to generate test plans, which identifies an indirect prompt injection surface.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 12, 2026, 09:37 PM