contract-testing
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): The skill contains standard instructional language and coordination hints for agents. No attempts to override safety filters or hijack agent behavior were detected.
- [Data Exposure & Exfiltration] (SAFE): No hardcoded credentials, secrets, or sensitive file paths are present. The use of
$PACT_BROKERin CI/CD examples is a placeholder for standard environment variable injection. - [Obfuscation] (SAFE): All content is in plain text. No Base64, zero-width characters, or other obfuscation techniques were found.
- [Unverifiable Dependencies & Remote Code Execution] (SAFE): The skill references the legitimate '@pact-foundation/pact' library. The 'pact-broker' commands are standard practice for this testing methodology. No suspicious remote code execution patterns were identified.
- [Indirect Prompt Injection] (SAFE): While the skill describes agents that process contract files (YAML/JSON), the provided examples are instructional and do not present a vulnerable surface for untrusted data interpolation within the skill's own logic.
Audit Metadata