Skills
skills/catlog22/claude-code-workflow/workflow-test-fix/Gen Agent Trust Hub

workflow-test-fix

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to perform standard project management tasks such as file discovery (find, rg), test execution (npm test), and git operations (git commit, git revert) for iteration tracking and regression recovery.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface.
  • Ingestion points: It ingests untrusted data from user descriptions in Phase 1 and codebase files in Phase 2.
  • Boundary markers: There are no explicit delimiters or protective instructions used when interpolating this external content into prompts for sub-agents like @code-developer or @test-fix-agent.
  • Capability inventory: The orchestrator has access to high-impact tools including Bash, Write, Edit, and Skill.
  • Sanitization: No sanitization or escaping logic is applied to the ingested content before it is used in dynamic task generation.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 5, 2026, 01:20 PM