skills/dnyoussef/ai-chrome-extension/when-validating-code-works-use-functionality-audit/Gen Agent Trust Hub
when-validating-code-works-use-functionality-audit
Pass
Audited by Gen Agent Trust Hub on Jun 26, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill frequently invokes shell commands via
npxand bash scripts to initialize environments, manage agent swarms, and run test suites. This includes creating directories in/tmp, writing configuration files (e.g.,jest.config.js), and executing testing binaries. - [EXTERNAL_DOWNLOADS]: The skill uses
npmandpipto download and install development dependencies includingjest,typescript, andpytest. These resources are fetched from official package registries (npmjs.com, pypi.org) and are standard tools for the described workflow. - [REMOTE_CODE_EXECUTION]: The skill facilitates the execution of code within a sandbox to verify functionality. This is the core purpose of the skill and is triggered through standard testing commands like
npm testandpytest. - [PROMPT_INJECTION]: The skill processes external code files, creating a surface for indirect prompt injection if the code under test contains malicious instructions designed to influence the agent. The skill addresses this risk by recommending the use of isolated environments and Docker containers.
Audit Metadata