when-validating-code-works-use-functionality-audit

Pass

Audited by Gen Agent Trust Hub on Jun 26, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill frequently invokes shell commands via npx and bash scripts to initialize environments, manage agent swarms, and run test suites. This includes creating directories in /tmp, writing configuration files (e.g., jest.config.js), and executing testing binaries.
  • [EXTERNAL_DOWNLOADS]: The skill uses npm and pip to download and install development dependencies including jest, typescript, and pytest. These resources are fetched from official package registries (npmjs.com, pypi.org) and are standard tools for the described workflow.
  • [REMOTE_CODE_EXECUTION]: The skill facilitates the execution of code within a sandbox to verify functionality. This is the core purpose of the skill and is triggered through standard testing commands like npm test and pytest.
  • [PROMPT_INJECTION]: The skill processes external code files, creating a surface for indirect prompt injection if the code under test contains malicious instructions designed to influence the agent. The skill addresses this risk by recommending the use of isolated environments and Docker containers.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 26, 2026, 03:22 AM
Security Audit — agent-trust-hub — when-validating-code-works-use-functionality-audit