runhuman-testing
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill facilitates the execution of
runhumanCLI commands (e.g.,create,status,results) to manage QA testing workflows and project configurations.\n- [EXTERNAL_DOWNLOADS]: The skill instructs the installation of therunhumanglobal package from the npm registry, which is a resource provided by the vendor, volter-ai.\n- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface (Category 8) as it processes data from external sources.\n - Ingestion points: External feedback from human testers is retrieved through the
runhuman resultscommand inSKILL.md.\n - Boundary markers: There are no delimited blocks or instructions provided to the agent to treat the retrieved feedback as untrusted content.\n
- Capability inventory: The agent can execute CLI commands, manage API keys, and interact with GitHub integrations through the
runhumantool.\n - Sanitization: No sanitization or validation logic is specified for the feedback content before it enters the agent's context.
Audit Metadata