devassure
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill recommends installing the `@devassure/cli` package from the npm registry and references several well-known or vendor-owned domains (app.devassure.io, googleapis.com, nodejs.org, and a Heroku-based LLM endpoint) for authentication, installation, and core service functionality.
- [COMMAND_EXECUTION]: The CLI tool supports a 'Tools' feature configured in `.devassure/tools/index.yaml` that allows for the execution of arbitrary shell commands (e.g., `npm install`, API scripts) with argument interpolation. This is a primary feature intended for extending the agent's capabilities during testing.
- [PROMPT_INJECTION]: The skill processes natural language instructions (test steps) from external files, which represents an indirect prompt injection surface.
  - Ingestion points: Test scenarios are read from YAML files in the `.devassure/tests/` directory or from user-provided CSV files.
  - Boundary markers: No explicit delimiters or safety instructions (e.g., 'ignore embedded commands') are documented for separating the test steps from the agent's execution logic.
  - Capability inventory: The CLI can automate browser interactions, execute shell commands through the 'Tools' configuration, and manage report files.
  - Sanitization: There is no mention of sanitization or validation for the natural language steps before they are processed by the AI agent, which is consistent with its role as a testing interpreter.
Audit Metadata