Skills
skills/rohunj/claude-build-workflow/test-and-break/Gen Agent Trust Hub

test-and-break

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • Indirect Prompt Injection (LOW): The skill is highly susceptible to indirect prompt injection because it navigates to external URLs to perform testing.
  • Ingestion points: agent-browser open [DEPLOYMENT_URL] reads content from untrusted external websites.
  • Boundary markers: No delimiters or instructions are provided to the agent to treat website content as data rather than instructions.
  • Capability inventory: The skill uses agent-browser to interact with pages and has the ability to write files to the local tasks/ directory.
  • Sanitization: There is no sanitization or validation of the external content before it is processed by the agent.
  • External Downloads (LOW): The skill requires the global installation of agent-browser via npm. This package is not from a source explicitly listed in the trusted organizations list, though it is a requirement for the skill's primary function.
  • Command Execution (SAFE): The skill executes shell commands (agent-browser and jq). These are standard for its intended purpose of automated QA and report generation.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:21 PM