Skills
skills/testany-io/testany-agent-skills/test-strategy-reviewer/Gen Agent Trust Hub

test-strategy-reviewer

Pass

Audited by Gen Agent Trust Hub on Apr 5, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill is configured to execute local Python scripts (trace_lint.py and trace_build_rtm.py) located in the vendor's plugin directory (plugins/testany-eng/scripts/). These tools are used to verify the integrity and traceability of test strategy documents.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it processes untrusted documentation provided by the user.
  • Ingestion points: The agent reads the Test Strategy, PRD, API Contract, and HLD files provided in the session.
  • Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the review guidelines.
  • Capability inventory: The skill can execute local command-line tools via Python.
  • Sanitization: There is no evidence of sanitization or filtering of the content within the reviewed documents before processing.
  • [SAFE]: All external resources and script paths belong to the vendor's own infrastructure (TestAny-io). The skill does not perform network exfiltration, access sensitive system credentials, or use any obfuscation techniques.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 5, 2026, 08:28 PM