skill-tester
Pass
Audited by Gen Agent Trust Hub on May 4, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is a legitimate testing utility. All files were analyzed for common attack vectors and no threats were identified.- [COMMAND_EXECUTION]: The skill utilizes a bundled Node.js script, 'scripts/validate-skill.mjs', for checking skill metadata and structural integrity. This script is executed locally and does not access the network or sensitive system paths.- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface due to its design for processing third-party skill content. * Ingestion points: Workflow Phase 1 (reading 'SKILL.md' and linked resources). * Boundary markers: No explicit instructions for content isolation or delimiters are provided in the instructions. * Capability inventory: Use of 'shell commands', 'read/search tools', and a local validation script. * Sanitization: The process relies on static analysis and regex checks rather than dynamic execution of the analyzed content.
Audit Metadata