quality-test-gen

Pass

Audited by Gen Agent Trust Hub on Apr 17, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to create session directories, run test suites, and manage temporary files. The execution of shell commands is integral to its automated test-generation workflow.
  • [PROMPT_INJECTION]: The skill exhibits vulnerability to indirect prompt injection (Category 8) because it ingests and processes untrusted data from the project's source code and existing test files to generate new tests.
      • Ingestion points: The skill reads source code files (source_file), existing test files (.test., .spec.), and JSON reports (verification.json, coverage-report.json) from the repository to guide the test generation process.
      • Boundary markers: The instructions for the sub-agents (spawned via spawn_agents_on_csv) do not specify delimiters or safety warnings to distinguish between technical code patterns and potentially malicious instructions embedded in comments or strings within the files.
      • Capability inventory: Both the primary skill and its spawned agents have access to high-privilege tools including Bash, Write, Edit, and spawn_agents_on_csv, which could be exploited if an injection is successful.
      • Sanitization: The implementation logic does not provide mechanisms for sanitizing or escaping the content read from external files before interpolating it into the prompt context for sub-agents.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 17, 2026, 01:12 AM