test
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- COMMAND_EXECUTION (HIGH): The skill instructs the agent to run shell commands like `pnpm test` and `pnpm test:storybook`. This presents a risk of command injection if file names or user-provided test parameters are not properly sanitized before being passed to the shell execution environment.
- Indirect Prompt Injection (HIGH): The skill possesses a high-risk surface for indirect prompt injection by combining external data ingestion with command execution capabilities.
  - Ingestion points: `git status` output and changed file paths (SKILL.md).
  - Boundary markers: Absent; no instructions are provided to the agent to distinguish between data and potential instructions within the processed files or metadata.
  - Capability inventory: Shell execution of `pnpm` and `git` commands (SKILL.md).
  - Sanitization: None provided; there is no logic for validating or escaping inputs derived from the repository state.
Recommendations
- AI detected serious security threats