test-gen
Fail
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: HIGH (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill directs the agent to run 'npx ai-test-gen'. This command downloads and executes a package from the npm registry that does not originate from a recognized trusted organization.
- [COMMAND_EXECUTION]: The use of 'npx' involves executing arbitrary code on the local environment, which can be leveraged for malicious purposes if the package is compromised.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface.
  - Ingestion points: User-provided source files (e.g., './src/utils.ts').
  - Boundary markers: Absent; no explicit delimiters or instructions to ignore embedded content in source files.
  - Capability inventory: Execution of 'npx ai-test-gen' and file system access to read source code.
  - Sanitization: Absent; the tool does not verify or sanitize the content of the source files before processing them with AI.
Recommendations
- AI detected serious security threats