qa-execution
Pass
Audited by Gen Agent Trust Hub on Apr 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill is designed to identify and execute shell commands extracted from repository manifests such as Makefiles and package.json. A malicious repository could define destructive commands under standard target names like 'test' or 'verify', which the agent is instructed to execute.
- [PROMPT_INJECTION]: The skill ingests untrusted data from repository documentation and Web UI surfaces to determine its test plans and execution steps.
  - Ingestion points: Repository manifests, documentation files, and browser snapshots.
  - Boundary markers: Absent.
  - Capability inventory: Extensive capabilities including arbitrary shell command execution, file system writes, and network access.
  - Sanitization: None.
- [EXTERNAL_DOWNLOADS]: The skill routinely installs dependencies using package managers (npm, pip, cargo, etc.) as part of the project setup, which involves downloading code from external registries.