skill-testing

Pass

Audited by Gen Agent Trust Hub on Jun 16, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill is instructional in nature, providing best practices and code snippets for maintaining skill quality and activation accuracy through automated testing.
  • [COMMAND_EXECUTION]: The skill includes examples of standard development and CI/CD operations, such as running linting tools and validation scripts via npm. These are typical for project maintenance and do not indicate malicious intent.
  • [DATA_EXPOSURE]: The provided TypeScript examples use fs.readFileSync and globby to read skill metadata files for validation purposes. This file access is scoped to the skill directory for testing and follows expected software engineering practices.
  • [PROMPT_INJECTION]: The activation testing component uses an LLM to determine if a query should trigger a skill based on its description. While this represents a surface for indirect prompt injection if the skills being tested contain adversarial content, it is a recognized pattern for automated evaluation and poses minimal risk within a controlled testing environment.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 16, 2026, 10:27 AM
Security Audit — agent-trust-hub — skill-testing