Web Test Case Generator
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill identifies and processes untrusted external content (source code files such as .vue and .jsx) and has the capability to write executable files. This creates a high-risk surface for indirect prompt injection attacks.
- Ingestion points: The skill reads files from the local filesystem (e.g., src/views/agri/cart/index.vue).
- Boundary markers: Absent. There are no instructions provided to the agent to treat content within the source files as data rather than instructions.
- Capability inventory: The skill reads file content and generates/writes new JavaScript files (cart.spec.js, Playwright scripts).
- Sanitization: Absent. There is no evidence of filtering or escaping logic to prevent malicious payloads in the source code from influencing the generation of the test scripts.
- Dynamic Execution (MEDIUM): The skill's primary function is to generate executable scripts (cart.spec.js). While it does not execute them directly, the output is intended for execution. If the generation logic is compromised via indirect injection, the skill becomes a vector for delivering malicious payloads into the software development lifecycle.
- Data Exposure (LOW): The skill requires access to the application's source code to function. While this is an intended feature, it exposes potentially sensitive intellectual property and internal API structures (e.g., @/api/agri/order) to the LLM context.
Recommendations
- AI detected serious security threats
Audit Metadata