runhuman-testing
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFE (PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
- [PROMPT_INJECTION]: The skill instructions create an indirect prompt injection surface by directing the agent to fetch and follow instructions from an external vendor-controlled markdown file (https://runhuman.com/for_agents_github_actions.md) when users inquire about CI/CD or GitHub Actions integration.
- Ingestion points: SKILL.md (Remote URL: https://runhuman.com/for_agents_github_actions.md)
- Boundary markers: Absent; the agent is told to "follow its instructions" for the setup process.
- Capability inventory: The skill has access to shell execution via the runhuman, npm, and gh (GitHub) CLIs.
- Sanitization: None; the agent is expected to process the remote documentation content as authoritative instructions.
- [EXTERNAL_DOWNLOADS]: The skill references and fetches resources from the vendor's official domain and GitHub repositories.
- Evidence: Fetches documentation from runhuman.com and checks release tags from github.com/volter-ai/runhuman-action.
- [COMMAND_EXECUTION]: The skill directs the agent to execute several system commands to manage the testing lifecycle, authentication, and project configuration.
- Evidence: Commands include npm install -g runhuman, runhuman login, runhuman projects create, and gh release list.