test-debug-failures

Pass

Audited by Gen Agent Trust Hub on Feb 24, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill establishes a workflow that is susceptible to indirect prompt injection (Category 8) by processing external data from test execution logs.
  • Ingestion points: The instructions in SKILL.md (Phase 1.1 and 1.3) direct the agent to run tests and parse the complete output, including potentially untrusted error messages and stack traces.
  • Boundary markers: The prompt template does not define clear boundaries or isolation instructions for the data read from test results, which could allow instructions embedded within the logs to influence the agent's behavior.
  • Capability inventory: The agent is granted access to high-privilege tools such as Bash, Edit, and MultiEdit, which could be used to perform unauthorized code modifications if the agent obeys an injected instruction found in a test failure.
  • Sanitization: No sanitization, validation, or escaping steps are required for the captured test output before it is used to plan and implement code fixes in subsequent phases.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 24, 2026, 05:25 PM