security-testing

Warn

Audited by Gen Agent Trust Hub on Mar 26, 2026

Risk Level: MEDIUM
Categories: COMMAND_EXECUTION, PROMPT_INJECTION, REMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute a shell command using node -e to read and update run-history.json. This involves dynamic script generation and execution on the local filesystem. Evidence found in the 'Run History' section of SKILL.md.
  • [REMOTE_CODE_EXECUTION]: The skill provides instructions for running remote Docker images, specifically owasp/zap2docker-stable, for dynamic security scanning. This involves the execution of remote containerized content from a well-known security organization.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it is designed to ingest and analyze untrusted source code. Ingestion points: Code targets in src/ and package.json as specified in SKILL.md and references/compliance-agent-commands.md. Boundary markers: There are no explicit delimiters or instructions to ignore embedded commands within analyzed files. Capability inventory: The skill performs file writes via Node.js and executes shell commands (npm audit, docker run). Sanitization: No evidence of input validation or sanitization of ingested code is present.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 26, 2026, 12:11 AM