testing-guide
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION] (HIGH): The skill creates a vulnerability surface for Indirect Prompt Injection (Category 8). Ingestion points: The agent is instructed to read repository files, pull request implementations, and feature descriptions to determine test requirements (SKILL.md). Boundary markers: No instructions are provided to use delimiters or to ignore instructions embedded within the code being analyzed. Capability inventory: The skill directs the agent to execute
pnpm testand other workspace scripts, which run local JavaScript/TypeScript code. Sanitization: No validation or sanitization of the code or repository state is performed before command execution. - [COMMAND_EXECUTION] (LOW): The guide relies on the execution of workspace-specific scripts via
pnpm. While standard for a developer workflow, this grants the agent the ability to execute arbitrary code defined in the repository's package configuration. - [Identity Management] (LOW): The guide implements an identity spoofing pattern using the
x-test-user-idheader for multi-user tests. While useful for testing, this pattern poses a risk of privilege escalation if the logic is accidentally introduced into production-ready code.
Recommendations
- AI detected serious security threats
Audit Metadata