test-environment-management

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Finding categories: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION] (HIGH): High risk of indirect prompt injection via agent task parameters.
      • Ingestion points: Data passed to Task("Environment Provisioning", ...) and FleetManager.coordinate (specifically the services, baseline, and strategy fields) in SKILL.md.
      • Boundary markers: Absent. The skill provides no instructions to treat task parameters as data only, nor does it use delimiters to separate instructions from untrusted input.
      • Capability inventory: Direct execution of infrastructure-altering tools including AWS CLI (aws ec2 stop-instances/start-instances), Docker Compose (docker-compose up/exec), and Terraform provisioning.
      • Sanitization: Absent. No validation or filtering is specified for the environment names, service lists, or tags used in the automated scripts.
  • [COMMAND_EXECUTION] (MEDIUM): The skill utilizes high-privilege shell commands for infrastructure management.
      • Evidence: Use of aws ec2 with query interpolation $(aws ec2 describe-instances ...) and docker-compose exec can be dangerous if the underlying filters or service names are manipulated.
  • [EXTERNAL_DOWNLOADS] (LOW): The skill references external dependencies.
      • Evidence: Requires the wiremock-captain npm package and pulls Docker images (postgres:15, redis:7). These are standard dependencies but increase the attack surface via the supply chain.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 09:44 AM