test-spec-writer

Pass

Audited by Gen Agent Trust Hub on Apr 5, 2026

Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute local Python scripts (trace_lint.py and trace_build_rtm.py) located in plugins/testany-eng/scripts/ to validate traceability and lint the generated test specifications. These are vendor-provided verification tools.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it processes untrusted development documents while maintaining command execution capabilities.
    • Ingestion points: The skill reads local files such as PRD, API Contract, HLD, LLD, and Test Strategy to gather context.
    • Boundary markers: Absent; no delimiters are used to wrap the content of ingested files or to instruct the agent to ignore embedded commands.
    • Capability inventory: The skill has the ability to execute shell commands (Python scripts) as part of its consistency self-check phase.
    • Sanitization: Absent; no validation or escaping of the text extracted from input documents is performed.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 5, 2026, 08:28 PM