skill-tester
Pass
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The
scripts/script_tester.pyutility executes Python scripts found within a target directory to verify their functionality and help output. - Evidence: The script uses
subprocess.run([sys.executable, str(script_path), ...])in the_test_script_execution,_test_help_functionality, and_test_sample_data_processingmethods. - Context: This is the primary purpose of the skill. The implementation avoids
shell=True, uses a list of arguments to prevent injection, and enforces a configurable timeout (default 30 seconds) to mitigate potential denial-of-service from infinite loops in tested scripts. - [EXTERNAL_DOWNLOADS]: The scripts
scripts/skill_validator.pyandscripts/quality_scorer.pyimport theyamlmodule (typically provided by thePyYAMLpackage). - Evidence:
import yamlis present in the imports of both files. - Context: While the documentation states 'No external dependencies required', the
yamlmodule is not part of the Python standard library. This is a minor documentation discrepancy rather than a security risk.
Audit Metadata