create-test-builder
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: Comprehensive analysis of the provided markdown and code files confirms the skill is safe. It does not perform any network operations, access sensitive file paths, or execute external code.
- [PROMPT_INJECTION]: The instructions in
SKILL.mdare standard technical directives for code generation. There are no attempts to override system instructions, bypass filters, or extract system prompts. - [DATA_EXFILTRATION]: No hardcoded credentials, API keys, or sensitive file paths (e.g., SSH keys, environment files) were found in the templates or examples. No network transmission patterns (curl, wget, fetch) are present.
- [REMOTE_CODE_EXECUTION]: The skill does not include any commands for downloading or executing remote scripts. It operates locally by using the provided PHP templates in
references/templates.mdto generate test files. - [COMMAND_EXECUTION]: There are no subprocess calls, shell execution patterns, or privilege escalation attempts (sudo, chmod) identified in the skill instructions.
- [INDIRECT_PROMPT_INJECTION]: While the skill analyzes user-provided PHP classes to generate code (an ingestion point for untrusted data), it lacks the execution capabilities (e.g., eval, system) that would make such an injection exploitable. The risk is assessed as minimal and typical for code-generation agents.
Audit Metadata