Skills
skills/jpcaparas/skills/mockable-code/Gen Agent Trust Hub

mockable-code

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFECOMMAND_EXECUTIONREMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/test_skill.py uses subprocess.run to invoke internal validation and scanning tools. These calls use sys.executable and pass arguments as a list, which is a secure and standard way to run project-specific maintenance scripts.
  • [REMOTE_CODE_EXECUTION]: An automated scanner flagged a URL in scripts/test_skill.py. Analysis confirms this is a false positive: the script writes a TypeScript test fixture containing the URL https://payments.example.test/charge to verify that the mockability scanner correctly identifies network calls. The URL belongs to a reserved testing domain and the code is never executed.
  • [SAFE]: All components, including the analyze_mockability.py scanner, operate strictly on local source code provided by the user. No evidence of data exfiltration, obfuscation, persistence, or privilege escalation was found.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 10:45 AM
Security Audit — agent-trust-hub — mockable-code