test-full
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses dynamic context injection (
!command) to execute shell commands during skill load for project discovery. It runsfindto locate manifest files (e.g., package.json), test directories, and E2E configurations. It also echoes theCIandGITHUB_ACTIONSenvironment variables. These operations are restricted to project metadata and are consistent with the skill's stated purpose as a test runner. - [DATA_EXFILTRATION]: No network operations or external data transfers were identified. The access to environment variables is limited to non-sensitive identifiers.
- [PROMPT_INJECTION]: No attempts to override agent behavior or bypass safety guidelines were found.
- [DATA_EXPOSURE]: The skill ingests untrusted data in the form of local file names and environment flags via shell commands. This creates a surface for indirect prompt injection if file names were maliciously crafted, but the skill implements no high-risk capabilities (like network exfiltration) that would make this exploitable.
Audit Metadata