Skills
skills/vihang-hub/integrated-sdlc-framework/security-test-design/Gen Agent Trust Hub

security-test-design

Pass

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting external documentation to generate test plans and scripts.
  • Ingestion points: security_requirements, threat_model, and compliance_reqs inputs (SKILL.md).
  • Boundary markers: No delimiters or instructions to ignore embedded commands are specified for the input data.
  • Capability inventory: The skill generates Markdown test plans and a directory of TypeScript test scripts (security_tests/).
  • Sanitization: No explicit input validation or sanitization logic is defined for the provided Markdown inputs.
  • [EXTERNAL_DOWNLOADS]: The skill references the use of the trufflesecurity/trufflehog GitHub Action for secret scanning in CI/CD pipelines. This is a well-known and trusted security tool.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 15, 2026, 04:55 AM