ln-520-test-planner
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious behavior or security vulnerabilities were detected. The skill follows established patterns for stateful coordination and uses deterministic runtime controls to manage its workflow.
- [COMMAND_EXECUTION]: The skill executes local Node.js scripts (located in
references/scripts/) to maintain execution state, record checkpoints, and validate phase transitions. These operations are restricted to the project's.hex-skills/directory and use sanitized identifiers to prevent path traversal. - [DATA_EXPOSURE]: Runtime metadata and artifacts are stored locally in the
.hex-skills/directory. No evidence of unauthorized data exposure, hardcoded credentials, or exfiltration to external domains was found. - [INDIRECT_PROMPT_INJECTION]: The skill ingests external data by listing comments from a task tracker to verify the status of research and testing. While this is an ingestion point for untrusted data, the skill mitigates risk by searching only for specific, predefined headers (e.g., '## Test Research:'), which is a standard and low-risk pattern.
Audit Metadata