case

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The skill has a high risk of indirect injection via untrusted data.
      • Ingestion points: Uses testany_get_case_script to read external script files and WebFetch to ingest content from docs.testany.io.
      • Boundary markers: Absent. The agent is instructed to analyze script content and docs without delimiters or instructions to ignore embedded commands.
      • Capability inventory: Includes destructive actions like testany_delete_case and testany_bulk_delete_cases. An attacker-controlled script could contain instructions that trick the agent into deleting all project resources.
      • Sanitization: None identified for fetched content.
  • [Command Execution] (MEDIUM): The skill defines trigger_command arrays (e.g., ['python', 'test_api.py']) for remote execution. While execution happens on the Testany platform, the agent's logic for constructing these commands from user input or script analysis is a potential vector for command injection.
  • [External Downloads] (LOW): The skill uses WebFetch to download and parse external sitemaps and documentation. While targeting the official testany.io domain, this creates a runtime dependency on external site integrity to maintain safe agent behavior.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 06:14 AM