helpmetest
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The `SKILL.md` orchestrator includes a mandatory instruction to run an update command in the background (helpmetest updates) with explicit orders to 'NOT test it first' and 'just launch and move on'. This pattern attempts to override typical agent safety and validation protocols for tool execution.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core function of ingesting and acting upon untrusted data from external websites.
  - Ingestion points: Untrusted content, page elements, and interactive metadata are retrieved from external URLs during the discovery and enumeration phases (Phase 1 & 2).
  - Boundary markers: No delimiters or isolation instructions are provided to distinguish between site content and the agent's internal logic.
  - Capability inventory: The skill possesses significant execution capabilities, including `helpmetest_run_interactive_command`, `helpmetest_upsert_test`, and `helpmetest_run_test` as referenced in the `phase-3-test-generation.md` and `phase-1-discovery.md` files.
  - Sanitization: The skill documentation does not describe any sanitization or validation of external data before it is used to generate executable test scenarios.
- [COMMAND_EXECUTION]: The skill executes local git commands (`git status`, `git diff`) to analyze project context and utilizes the `helpmetest` toolset to perform shell operations and run generated Robot Framework test scripts.
Audit Metadata