interval-guided-regression-test-update
Warn
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill's workflow explicitly requires executing the user's program and test suites (e.g., 'Run existing tests', 'Execute all tests', 'Execute test with new code') to verify interval coverage and validate updates. This creates a risk if the code being tested or the environment contains malicious instructions.
- [REMOTE_CODE_EXECUTION]: The skill automates the generation of new test scripts (Python, Java, JS, C++) and immediately executes them. This automated 'generate-and-run' cycle can be exploited if the generation logic is influenced by malicious input, leading to the execution of unintended code.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it parses and analyzes untrusted source code, conditionals, and comments to derive interval constraints. Maliciously crafted content within the analyzed files could potentially influence the agent's behavior or the content of the generated tests.
Audit Metadata