exploratory-testing-advanced
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Category 1: Prompt Injection (SAFE): The skill contains standard instructional language for software testing professionals and AI agents. There are no attempts to bypass safety filters or override system instructions.
- Category 2: Data Exposure & Exfiltration (SAFE): No hardcoded credentials, sensitive file paths, or network operations were detected. The skill focuses on documentation and methodology.
- Category 3: Obfuscation (SAFE): No encoded content, zero-width characters, or homoglyphs are present.
- Category 4: Unverifiable Dependencies & Remote Code Execution (SAFE): The dependencies list is empty. The provided TypeScript snippets are illustrative and do not perform remote downloads or unauthorized executions.
- Category 5: Privilege Escalation (SAFE): No commands involving sudo, chmod, or administrative access are present.
- Category 6: Persistence Mechanisms (SAFE): No attempts to modify system startup, cron jobs, or shell profiles were detected.
- Category 7: Metadata Poisoning (SAFE): Metadata fields are accurate and describe the skill's purpose without deceptive content.
- Category 8: Indirect Prompt Injection (LOW): While the agent is intended to process external data (software under test), the skill itself does not create a specific vulnerability beyond the inherent nature of a testing tool. It provides structured templates (SBTM) which actually help in organizing and delimiting findings.
- Category 9: Time-Delayed / Conditional Attacks (SAFE): No logic that gates behavior on time or external conditions was found.
- Category 10: Dynamic Execution (SAFE): The skill does not generate or execute code dynamically. The code blocks provided are for documentation and reference.