team-testing

Pass

Audited by Gen Agent Trust Hub on Mar 8, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill frequently uses the Bash tool to execute shell commands, including git operations, directory management, and running test frameworks like Jest, Pytest, and Vitest. It also invokes a CLI tool (ccw cli) to perform LLM-based code generation and fixing tasks.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) due to how it handles external data.
      • Ingestion points: The strategist role reads git diff output; the generator role reads the contents of source files to generate tests; the executor role captures stderr/stdout from test failures to provide context for fixes.
      • Boundary markers: The skill does not consistently use explicit boundary markers or clear delimiters (e.g., wrapping code in specific tags) when interpolating untrusted file content or tool output into the prompts for ccw cli or the Agent() tool.
      • Capability inventory: The skill possesses extensive capabilities across all roles, including the ability to run arbitrary shell commands (Bash), spawn sub-agents (Agent), and modify the file system (Write, Edit).
      • Sanitization: No explicit sanitization or escaping of input data (from source files or test results) is performed before it is used to construct command strings or instructions for sub-agents.
Audit Metadata
  Risk Level: SAFE
  Analyzed: Mar 8, 2026, 03:55 PM