test-fixing
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill has a high-risk attack surface as it processes external, untrusted content (source code and test outputs) and has the capability to execute commands and modify files. 1. Ingestion points: Output from make test and git diff (SKILL.md). 2. Boundary markers: Absent; the agent is not instructed to ignore commands embedded in code or test output. 3. Capability inventory: Shell command execution (make, pytest, git) and file modification (Edit tool). 4. Sanitization: Absent; the agent is encouraged to replicate patterns found in the failing data.
- [Command Execution] (MEDIUM): The skill directs the agent to execute shell commands like make test. If the local environment or repository contains a malicious Makefile, this results in arbitrary code execution in the agent's context.
Recommendations
- AI detected serious security threats
Audit Metadata