testing-skills-with-subagents

Pass

Audited by Gen Agent Trust Hub on Feb 12, 2026

Risk Level: LOW (NO_CODE)
Full Analysis

Both SKILL.md and examples/CLAUDE_MD_TESTING.md are documentation-only files. They outline a 'RED-GREEN-REFACTOR' testing methodology for AI agent skills and provide concrete test scenarios.

Prompt Injection: Both files use strong directives such as "IMPORTANT: This is a real scenario. Choose and act." within their test scenarios. While 'IMPORTANT' is a keyword for prompt injection detection, in this context it serves as a meta-instruction to ensure the AI treats the simulated test scenarios seriously for evaluation purposes, rather than an attempt to bypass safety guidelines or extract system prompts. This usage is benign and part of the skill's intended function of testing other skills' resilience.

Data Exfiltration: No commands or patterns indicative of data exfiltration were found. References to ~/.claude/skills/ directories and example commands like ls and grep are presented within the context of simulated test scenarios for skill discovery, not for actual malicious file access or exfiltration.

Obfuscation: No obfuscation techniques (Base64, zero-width characters, homoglyphs, URL/hex/HTML encoding) were detected in either file.

Unverifiable Dependencies: No external dependencies are referenced or installed.

Privilege Escalation: No commands for privilege escalation (e.g., sudo, chmod 777) were found.

Persistence Mechanisms: No commands for establishing persistence (e.g., modifying .bashrc, crontab) were found.

Metadata Poisoning: The metadata for SKILL.md is benign and accurately describes the skill. examples/CLAUDE_MD_TESTING.md is an example file and does not have its own metadata.

Indirect Prompt Injection: These skills are designed to test for rationalization and loopholes in other skills, which is itself a defense against prompt injection. The files themselves are not directly susceptible to indirect injection in a malicious way.

Time-Delayed / Conditional Attacks: No time-delayed or conditional attack patterns were found.

Overall, both files are purely informational and do not pose any security risks.

Audit Metadata
Risk Level
LOW
Analyzed
Feb 12, 2026, 01:28 PM