Skills
skills/prowler-cloud/prowler/prowler-test-api/Gen Agent Trust Hub

prowler-test-api

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFECREDENTIALS_UNSAFE
Full Analysis
  • [CREDENTIALS_UNSAFE] (LOW): Hardcoded test credentials (e.g., TEST_PASSWORD = "testing_psswd" and dev@prowler.com) are present in the documentation file references/test-api-docs.md. These are intended for local test environments but constitute hardcoded secrets.
  • [COMMAND_EXECUTION] (SAFE): The skill provides standard bash commands for running the pytest suite. These commands do not involve privilege escalation, piping remote content to a shell, or obfuscation.
  • [PROMPT_INJECTION] (SAFE): No patterns of prompt injection, role-play, or safety bypass instructions were found. The 'Critical Rules' are standard coding and testing constraints.
  • [DATA_EXFILTRATION] (SAFE): There are no attempts to access sensitive system files (like ~/.ssh or ~/.aws) or exfiltrate data to unknown domains. The skill specifically warns against using realistic API keys to avoid detection by secret scanners like TruffleHog.
  • [INDIRECT_PROMPT_INJECTION] (LOW): The skill is designed to ingest and process local project files (API code) and has Bash and Write capabilities. While this presents an attack surface where malicious code in the project could influence the agent, the risk is inherent to the developer-assistant use case and mitigated by standard LLM guardrails.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:09 PM