agent-integration-testing
Pass
Audited by Gen Agent Trust Hub on Jul 2, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill is designed to autonomously execute shell commands and HTTP requests to verify test expectations. This involves spawning subagents that follow instructions defined in generated test specification files.
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection (Category 8). It ingests untrusted data from the codebase being tested and uses it to define actions. Mandatory Evidence Chain:
- Ingestion points: Codebase investigation using
globandgrep(SKILL.md, Core Process Step 1). - Boundary markers: None identified to separate codebase content from agent instructions.
- Capability inventory: Execution of arbitrary shell commands and HTTP requests via subagents (SKILL.md, Core Process Step 4).
- Sanitization: No sanitization or validation of the codebase content before it influences test generation is described.
Audit Metadata