counterexample-explainer
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions in SKILL.md (Workflow Step 2) direct the agent to execute shell commands using the `pytest` testing framework to collect diagnostic data including failure details, stack traces, and local variable values.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection attack surface because it is designed to ingest and process untrusted external data such as test failure outputs and counterexample traces.
  - Ingestion points: Workflow Step 2 in `SKILL.md` defines counterexample information and test outputs as primary inputs for analysis.
  - Boundary markers: The workflow does not specify the use of boundary markers or explicit instructions to ignore embedded commands within the ingested counterexample data.
  - Capability inventory: The skill workflow incorporates shell command execution via the `pytest` framework.
  - Sanitization: No sanitization or validation logic is defined for the external traces before they are incorporated into the agent's explanation context.
Audit Metadata