wio
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill operates as a testing orchestration tool, providing guidance and workflows for improving codebase reliability through various testing methodologies.
- [EXTERNAL_DOWNLOADS]: The reference materials describe and recommend the use of well-known, trusted industry tools for testing and security, such as Playwright, Jest, Pytest, k6, OWASP ZAP, and Trivy. These references are informative and align with the skill's purpose.
- [COMMAND_EXECUTION]: The skill provides examples of shell commands for repository inspection (e.g., using
rg) and test execution. These commands are intended to be used by the agent to discover code patterns or run existing tests within the user's environment. - [DATA_EXFILTRATION]: There is no evidence of attempts to harvest credentials or send sensitive data to external, untrusted domains. References to searching for 'auth' or 'secrets' occur strictly within the context of security auditing and repository mapping.
- [PROMPT_INJECTION]: No malicious prompt injection or jailbreak patterns were identified in the skill instructions or reference files.
- [INDIRECT_PROMPT_INJECTION]: The skill ingests repository content (code, tests, and documentation) to identify test candidates. While this presents a standard attack surface for indirect injection, the risk is classified as low as it is a core functional requirement of the tool.
- [NO_CODE]: The skill includes a benign Python script (
scripts/test-review-reminder.py) used to prompt the user to review changed test files, which does not perform any dangerous operations.
Audit Metadata