tdd
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTIONREMOTE_CODE_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill instructs the agent to ingest untrusted code from feature branches and execute it. * Ingestion points: 'git checkout feature-branch' in SKILL.md. * Capability inventory: Shell execution via 'pnpm test:coverage' and 'pnpm exec vitest'. * Boundary markers: Absent. * Sanitization: Absent.
- [COMMAND_EXECUTION] (HIGH): The skill explicitly directs the agent to run commands like 'pnpm test:coverage'. If the repository contains malicious configuration, these scripts can perform unauthorized operations on the host system.
Recommendations
- AI detected serious security threats
Audit Metadata