pict-test-designer
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [External Downloads] (MEDIUM): The skill documentation (scripts/README.md) directs users to install the 'pypict' Python package. Since this package does not originate from a verified trusted organization, it is classified as an unverifiable dependency requiring manual review of its supply chain.
- [Indirect Prompt Injection] (LOW): The skill is designed to ingest and analyze external software specifications (Category 8). This function creates a surface for indirect prompt injection where malicious instructions could be embedded in the data being processed. The risk is minimized as the skill's capabilities are restricted to generating test plans and text-based reasoning.
- [Command Execution] (INFO): The 'pict_helper.py' script and installation guides involve command-line operations. These are designed for manual user execution and the source code does not contain patterns for autonomous or hidden command execution.
Audit Metadata