doc-sectest
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill emphasizes security best practices by including mandatory safety rules, such as requiring security tests to be run in isolated environments and prohibiting tests against production systems.
- [COMMAND_EXECUTION]: The skill utilizes local Python and Bash scripts for artifact validation (e.g., validate_sectest.py, validate_all_tspec.sh). These scripts are internal to the project's documentation framework and do not involve remote code execution or untrusted external sources.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it is designed to ingest and process documentation artifacts from the local filesystem.
  - Ingestion points: The skill reads test specifications from the docs/10_TSPEC/SECTEST/ directory.
  - Boundary markers: No specific boundary markers or delimiters are instructed for the agent to use when reading these files.
  - Capability inventory: The skill has the capability to execute local scripts (python, bash) based on the files it processes.
  - Sanitization: The skill relies on external validation scripts to enforce schema compliance, though it does not explicitly mention sanitizing the content for embedded instructions.
Audit Metadata