automate-tests
Pass
Audited by Gen Agent Trust Hub on May 7, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill discovers and executes arbitrary shell commands found within a repository's documentation, CI configurations, or build manifests (e.g., npm test, pytest, make test).
  - Evidence: SKILL.md describes identifying and running 'primary test entry points' and 'CI workflow steps' parsed from repository files.
- [EXTERNAL_DOWNLOADS]: The skill performs dependency installations and network operations if the repository's test suite requires them.
  - Evidence: SKILL.md includes logic for npm ci, docker compose, and environment setup, though it mandates user confirmation before proceeding.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it parses untrusted repository content to determine its next actions.
  - Ingestion points: Reads README.md, package.json, .github/workflows/*.yml, and other manifest files during the 'Discover test plan' phase.
  - Boundary markers: The skill relies on manual user confirmation as a safety boundary before executing discovered commands, but lacks automated technical delimiters for the parsed data.
  - Capability inventory: The skill possesses shell execution capabilities (subprocess calls) across all scripts to run tests and install dependencies.
  - Sanitization: No explicit sanitization or structural validation is performed on the commands extracted from documentation or manifests before they are presented to the user for execution.