qa-test-planner
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGH (COMMAND_EXECUTION)
Full Analysis
- [Command Execution] (HIGH): The scripts `scripts/create_bug_report.sh` and `scripts/generate_test_cases.sh` use the `eval` command to process user input, which is a major security risk.
  - Evidence: The function `prompt_input` in both scripts contains the line `eval "$var_name=\"$input\""`, where `$input` is read directly from the user/agent.
  - Risk: Shell metacharacters or command substitutions (e.g., `$(whoami)`) provided as input will be executed by the shell. The double quotes around `$input` do not help: `eval` re-parses the assembled string, so `$(...)`, backticks and `$var` inside the quotes are expanded, and a literal `"` in the input closes the quote and lets `; command` follow. The result is arbitrary command execution as the user running the script, leading to full system compromise.
- [Indirect Prompt Injection] (HIGH): The skill provides an attack surface where untrusted data can lead to command execution.
  - Ingestion points: Interaction with the bash scripts `create_bug_report.sh` and `generate_test_cases.sh`, which read data through the `read` command.
  - Boundary markers: None are used to delimit user input from the script logic or the generated markdown structure.
  - Capability inventory: The skill possesses the ability to execute shell commands (via the scripts) and write to the local filesystem.
  - Sanitization: There is no escaping or validation of the input before it is passed to `eval` or written to markdown files.
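The following is an added illustration, not code from the qa-test-planner skill: a function with the `eval` shape quoted in the finding, beside a hardened replacement that validates the variable name and reads straight into it with `read -r`, so the input is never re-parsed. The function names, the constructed payload and the non-interactive heredoc feed are assumptions made for the demonstration.

```shell
#!/usr/bin/env bash
# Added example (not the skill's own scripts). Shows why the eval pattern in the
# finding executes attacker input, and one way to assign user input safely.

# Vulnerable shape, matching the line cited in the finding: the input is spliced
# into a command string that the shell parses a second time.
prompt_input_unsafe() {
    local var_name="$1" prompt="$2" input
    printf '%s' "$prompt" >&2
    IFS= read -r input
    eval "$var_name=\"$input\""
}

# Hardened replacement: the variable name must be a plain identifier, and the
# value is stored by `read -r` into that name directly, with no eval and no
# second round of parsing, so $(...), backticks, quotes and ';' stay literal.
prompt_input_safe() {
    local var_name="$1" prompt="$2"
    case "$var_name" in
        ""|[0-9]*|*[!A-Za-z0-9_]*)
            printf 'refusing unsafe variable name: %s\n' "$var_name" >&2
            return 1 ;;
    esac
    printf '%s' "$prompt" >&2
    IFS= read -r "$var_name"
}

# Constructed hostile input of the kind the finding cites; the payload only
# echoes a marker so the demo is harmless, but any command could stand here.
# Each demo returns the value the function actually stored.
demo_unsafe() {
    title=""
    prompt_input_unsafe title "Title: " <<'EOF'
$(echo INJECTED)
EOF
    printf '%s' "$title"
}

demo_safe() {
    title=""
    prompt_input_safe title "Title: " <<'EOF'
$(echo INJECTED)
EOF
    printf '%s' "$title"
}

printf 'eval variant stored: %s\n' "$(demo_unsafe)"   # INJECTED: substitution ran
printf 'read variant stored: %s\n' "$(demo_safe)"     # $(echo INJECTED): literal text
```

The validation of `var_name` matters as much as dropping `eval`: callers pass the target name as a string, and `read -r "$var_name"` would otherwise accept anything the shell treats as a name. Writing the stored value into markdown still needs its own escaping, which this example does not cover.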
Recommendations
- AI detected serious security threats