Skills
skills/testany-io/testany-agent-skills/testany-debug/Gen Agent Trust Hub

testany-debug

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands retrieved dynamically from the testany_log_sign tool using eval. This is the primary mechanism for fetching diagnostic logs.
  • [REMOTE_CODE_EXECUTION]: The execution of a command string provided by an external tool call represents a form of remote code execution, as the specific command content is determined at runtime by the vendor service.
  • [EXTERNAL_DOWNLOADS]: The skill fetches content from external domains (*.testany.io, *.testany.com.cn). These are vendor-owned domains associated with the skill author 'TestAny-io' and are used for legitimate diagnostic purposes.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests and analyzes test logs which could contain adversarial instructions.
  • Ingestion points: Content fetched via curlCommand execution in SKILL.md.
  • Boundary markers: The instructions provide safety verification steps for the command itself but do not specify delimiters or sanitization rules for the log content being analyzed.
  • Capability inventory: Ability to execute shell commands via eval and access Testany platform APIs.
  • Sanitization: Includes regex-based domain and parameter validation for the curl command prior to execution.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 29, 2026, 02:28 AM