swain-test
Warn
Audited by Gen Agent Trust Hub on May 4, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script
scripts/swain-test.shallows for the execution of arbitrary shell commands defined in project configuration. - Evidence: The
run_integrationfunction inscripts/swain-test.shexecutes the value of.integration.commandfrom.agents/testing.jsonusingbash -c. This allow a malicious repository to execute arbitrary code when the agent runs tests. - [COMMAND_EXECUTION]: The skill automatically executes test commands based on detected project files (e.g.,
package.json,Cargo.toml). - Evidence: The
detect_test_commandfunction triggers build-tool commands likenpm test, which can execute arbitrary code defined in the project's dependency manifests or test scripts. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection from test outputs.
- Ingestion points: Test results and error messages from
scripts/swain-test.sh(captured via_RUN_OUTPUT) are emitted directly to the agent's context. - Boundary markers: No delimiters or isolation markers are used to wrap the untrusted test output.
- Capability inventory: The agent has access to the shell and filesystem through this skill.
- Sanitization: None; external content is interpolated directly into the tool response.
Audit Metadata