testing
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWCOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The
SKILL.mdfile contains a command to execute a local script./scripts/log-skill.sh. While intended for logging skill usage, executing scripts via relative paths relies on the presence and safety of local files. - [INDIRECT_PROMPT_INJECTION] (LOW): The skill assists in writing and fixing tests, which involves analyzing untrusted project code. 1. Ingestion: The agent reads project source files to generate or debug tests. 2. Boundary markers: No explicit delimiters or instructions to ignore embedded code instructions are provided in the templates. 3. Capability inventory: The skill utilizes
npm test,pytest, and local script execution. 4. Sanitization: No sanitization of ingested code is performed before analysis. The severity is LOW as the primary impact is limited to local development contexts.
Audit Metadata