test-locally
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands to manage a local development environment, including 'make generate' for code generation and 'docker compose' for stack deployment. These actions are consistent with its stated purpose of local testing.
- [COMMAND_EXECUTION]: It invokes a repository-local script './docker/run_local_docker.sh' to automate the setup of the OpenMetadata stack.
- [EXTERNAL_DOWNLOADS]: Build commands like 'mvn spotless:apply' and 'make install_dev' are used, which typically fetch dependencies from official package registries (Maven Central, PyPI) during the build process.
- [DATA_EXFILTRATION]: The skill uses 'curl' to verify the health of services on 'localhost' (ports 8585 and 9200). No external network communication was observed.
- [PROMPT_INJECTION]: The skill reads project files and tool outputs (e.g., 'git diff', 'grep', 'docker ps') to determine build strategies. While this represents a surface for indirect prompt injection, the risk is minimal as the operations are confined to the local repository context.
Audit Metadata