Skills
skills/yonatangross/orchestkit/testing-integration/Gen Agent Trust Hub

testing-integration

Fail

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: HIGHDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The script scripts/create-integration-test.md contains an instruction to execute a shell command (grep) that recursively searches through all .env* files for database-related strings. Scanning environment files is a high-risk activity as they often contain sensitive secrets like production API keys, tokens, and passwords.
  • [COMMAND_EXECUTION]: The skill uses shell command execution via the ! prefix in scripts/create-integration-test.md to perform project discovery, including the use of grep, find, and wc. This relies on the agent's ability to run system commands based on the skill's instructions.
  • [PROMPT_INJECTION]: The skill allows the use of the WebFetch and WebSearch tools and provides patterns for testing external API boundaries. This introduces a surface for indirect prompt injection, where an agent could be manipulated by malicious instructions or data retrieved from an external source.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 13, 2026, 03:04 PM