testing-verification

Pass

Audited by Gen Agent Trust Hub on Jul 5, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill defines a standard testing workflow that uses established tools like Jest, pytest, and Playwright. It does not introduce external dependencies or unauthorized remote execution patterns.\n- [PROMPT_INJECTION]: No attempts to override safety protocols, activate 'developer mode', or extract system prompts were found in the skill content.\n- [DATA_EXFILTRATION]: The skill does not contain instructions to access sensitive local files (e.g., credentials, SSH keys) or transmit data to external, non-whitelisted domains.\n- [PROMPT_INJECTION]: The skill facilitates an indirect prompt injection surface by ingesting untrusted project data (docs, source code, CI configs) to determine testing strategies. However, this is inherent to the testing task and the skill follows best practices for tool usage. Evidence Chain: 1. Ingestion points: Project instructions, CI workflows, and source files; 2. Boundary markers: None explicitly mentioned; 3. Capability inventory: Execution of project-defined test commands and UI automation; 4. Sanitization: None explicitly specified.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 5, 2026, 06:07 PM
Security Audit — agent-trust-hub — testing-verification