auto-test
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute the
hurlcommand-line utility for running tests and generating reports. This includes constructing shell commands to process test files and pass dynamic variables. - [EXTERNAL_DOWNLOADS]: The documentation directs users to install the
hurltool via well-known and trusted package management systems such as Homebrew, Winget, and APT. - [DATA_EXFILTRATION]: The skill manages authentication tokens and merchant identifiers, prescribing their storage in local environment files. It includes a specific warning to use
.gitignoreto prevent these secrets from being exposed in version control. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its automated ingestion of external data. Ingestion points include API documentation from Apifox MCP and project source code (Java Param/VO/Mapper files). The skill currently lacks explicit boundary markers or sanitization logic for data extracted from these sources before it is used to generate executable test scripts and bug reports.
- [SAFE]: The skill's operations are transparent and aligned with its stated objective of API automation. No obfuscation, persistence mechanisms, or unauthorized privilege escalations were found.
Audit Metadata