skill-testing
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is instructional in nature, providing best practices and code snippets for maintaining skill quality and activation accuracy through automated testing.
- [COMMAND_EXECUTION]: The skill includes examples of standard development and CI/CD operations, such as running linting tools and validation scripts via
npm. These are typical for project maintenance and do not indicate malicious intent. - [DATA_EXPOSURE]: The provided TypeScript examples use
fs.readFileSyncandglobbyto read skill metadata files for validation purposes. This file access is scoped to the skill directory for testing and follows expected software engineering practices. - [PROMPT_INJECTION]: The activation testing component uses an LLM to determine if a query should trigger a skill based on its description. While this represents a surface for indirect prompt injection if the skills being tested contain adversarial content, it is a recognized pattern for automated evaluation and poses minimal risk within a controlled testing environment.
Audit Metadata