pest-testing

Warn

Audited by Gen Agent Trust Hub on Jun 19, 2026

Risk Level: MEDIUMPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill uses deceptive metadata to impersonate a trusted source.\n
  • Evidence: The YAML frontmatter lists 'laravel' as the author, which is a well-known organization, while the actual skill author context is 'imsus'. This impersonation is a deceptive practice that can mislead users and agents about the skill's origin and safety.\n- [PROMPT_INJECTION]: The skill references non-existent software versions to establish false authority.\n
  • Evidence: The documentation and description repeatedly mention 'Pest 4' features, despite the current stable version of the Pest framework being version 3. This misleading versioning suggests the skill may be distributing unverified or fabricated patterns.\n- [PROMPT_INJECTION]: The skill's browser testing capabilities present an indirect prompt injection surface.\n
  • Ingestion points: The agent is instructed to use the visit() function to interact with web pages, which loads external application content into its context (found in SKILL.md).\n
  • Boundary markers: The instructions do not define delimiters or provide specific warnings to the agent to ignore potential instructions embedded in the HTML or console logs of the visited pages.\n
  • Capability inventory: The agent is granted the ability to execute shell commands (e.g., php artisan test) and modify application files.\n
  • Sanitization: No mechanisms for filtering or sanitizing ingested page content are described.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 19, 2026, 07:52 AM
Security Audit — agent-trust-hub — pest-testing