inline-test-injection
Fail
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: HIGH
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, NO_CODE, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script 'scripts/test-skill.sh' invokes the 'claude' CLI with the '--dangerously-skip-permissions' flag, which explicitly bypasses the agent's permission system and security checks during execution.
- [EXTERNAL_DOWNLOADS]: The 'scripts/build-skill.sh' script runs 'npm install' to download external third-party dependencies from the npm registry.
- [NO_CODE]: The functional logic for the 'scripts/dist/inline-test-injection.js' script is missing from the repository, represented only by a Git LFS pointer file.
- [PROMPT_INJECTION]: The skill processes untrusted documentation and test specification files, creating a surface for indirect prompt injection.
  - Ingestion points: Input files provided as 'spec-file' and 'source-file' arguments to the 'inline-test-injection.js' script.
  - Boundary markers: None identified; no delimiters or instructions to ignore embedded content are present in the processing logic.
  - Capability inventory: Local file read/write operations and command execution via the test runner scripts.
  - Sanitization: None identified; the skill performs semantic matching on raw file content without sanitization or validation of input data.
Recommendations
- AI detected serious security threats