migrating-to-vitest-4
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- PROMPT_INJECTION (HIGH): The skill exhibits a significant Indirect Prompt Injection surface. It is designed to read from untrusted local project files and has the power to execute side-effect-heavy commands. 1. Ingestion points: Project files are accessed using 'Read', 'Grep', and 'Glob' tools (Step 3 and config sections). 2. Boundary markers: Absent. No delimiters or instructions are provided to help the agent ignore instructions embedded within the processed data. 3. Capability inventory: 'Bash' (command execution), 'Write', and 'Edit' (file modification). 4. Sanitization: Absent. The skill does not escape or validate file content before processing it.
- EXTERNAL_DOWNLOADS (MEDIUM): The skill triggers 'npm install -D vitest@latest' and installs '@vitest/browser-playwright'. Runtime installation of external dependencies without version pinning or integrity verification presents a supply chain risk.
- COMMAND_EXECUTION (MEDIUM): The skill executes 'vitest --run' and 'vitest --coverage', which runs arbitrary code contained within the local project environment. If the project content is malicious, this leads to local code execution.
Recommendations
- AI detected serious security threats
Audit Metadata