behavior-validator

Pass

Audited by Gen Agent Trust Hub on Jul 1, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it is designed to ingest and execute tasks defined in an external behavioral contract that may be attacker-controlled.
  • Ingestion points: The skill reads external contract files (e.g., behavior-contract.md) and user requests as defined in SKILL.md and references/contract-template.md.
  • Boundary markers: There are no explicit delimiters or instructions provided to separate the system's core validation logic from potentially malicious directives embedded within the test contract.
  • Capability inventory: The skill possesses capabilities to execute CLI commands, interact with API endpoints, and access web applications based on the contract's definitions.
  • Sanitization: While the skill provides clear instructions for redacting credentials and sensitive data from output reports, it does not define mechanisms for sanitizing or validating the instructions found within the input contract.
  • [COMMAND_EXECUTION]: The skill involves the execution of shell commands for environment setup and application testing.
  • Evidence: SKILL.md includes instructions for the agent to create temporary directories using mktemp, set restricted permissions with chmod 700, and manage files using cp and cd. These operations are used for isolation and are documented as part of the skill's standard operational workflow.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 1, 2026, 02:02 PM
Security Audit — agent-trust-hub — behavior-validator