local-service-testing

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Tags: COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The skill establishes an execution pipeline based on untrusted local repository data. Ingestion points: git diff, docker-compose.yml, package.json, and other project files. Boundary markers: None. Capability inventory: Execution of docker-compose, pnpm, pytest, and Go test suites. Sanitization: None. If the repository being analyzed contains malicious configurations or tests, the agent will execute them, potentially leading to local system compromise.
  • [Unverifiable Dependencies] (MEDIUM): The skill references and executes external scripts (session-start.sh and validate-local-testing.sh) which are not included in the skill package. These scripts act as session hooks and validation gates, meaning they run code that has not been audited.
  • [Command Execution] (MEDIUM): The skill provides instructions for the agent to run complex shell commands based on local configuration. While intended for testing, these capabilities can be abused if an attacker can influence the project structure or configuration files the agent reads.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 05:21 AM