test-coverage
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: Indirect prompt injection surface detected. The skill processes untrusted source code and interpolates identifiers into shell commands without sanitization.\n
- Ingestion points:
SKILL.md(shell loops iterating over files and functions).\n - Boundary markers: Absent. No delimiters are used for code snippets.\n
- Capability inventory:
Bashtool used for file system operations and test execution.\n - Sanitization: Absent. Variables extracted from source code are used unquoted in shell loops.\n- [COMMAND_EXECUTION]: Bash loops in sections 3a and 3c (e.g.,
fname=$(echo "$line" | grep -oP ...)andgrep -rn "$fname") use unquoted variable interpolation. This is vulnerable to command injection if a repository contains malicious file or function names designed to break shell execution.\n- [REMOTE_CODE_EXECUTION]: The skill facilitates the execution of the project's own test suites (e.g.,npx jest,pytest,mvn test). Since this executes code contained within the analyzed repository, it represents a risk if the codebase being audited is malicious.\n- [EXTERNAL_DOWNLOADS]: The skill triggers the installation of tools likevultureviapipand executes packages vianpx. These actions download code from public package registries.
Audit Metadata