scan-integration-tests

Warn

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: MEDIUM [CREDENTIALS_UNSAFE] [PROMPT_INJECTION]
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill explicitly instructs the agent to search for and read configuration files such as .env.test and appsettings.test.json. These files often contain sensitive information, credentials, or API keys used for testing environments. While this aligns with the skill's purpose of documenting test setup, it creates a risk of exposing these secrets in generated documentation or reports.
  • [PROMPT_INJECTION]: The skill processes untrusted project data (source code and test files) to generate summaries and code snippets, creating an indirect prompt injection surface.
      • Ingestion points: Reads various project files including source code (*.csproj, package.json, pom.xml, conftest.py) and test configuration files.
      • Boundary markers: The instructions do not define delimiters or specific warnings to ignore instructions embedded within the files being scanned.
      • Capability inventory: The skill has the capability to read local files, write to a report file (plans/reports/), and update a documentation file (docs/project-reference/).
      • Sanitization: There is no mention of sanitizing or escaping the content extracted from the files before it is processed or written to the documentation.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 7, 2026, 07:59 PM