automation-testing-expert
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGHPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (HIGH): Indirect Prompt Injection vulnerability surface.
- Ingestion points: The skill is designed to ingest and act upon project files, user requirements, and documentation (e.g., '编写和维护测试用例', '设计测试策略'). These sources are often attacker-controlled in shared or public repositories.
- Boundary markers: The skill definition contains no delimiters or instructions to treat external data as untrusted, increasing the risk that the agent will follow instructions embedded in code comments or README files.
- Capability inventory: The persona is explicitly granted authority over '测试框架搭建' and '持续集成测试流水线', which involves high-privilege operations like file writing and command execution (e.g., executing
pytest,npm test, or CI/CD scripts) via the agent's shell access. - Sanitization: No sanitization logic is present to filter malicious commands or control tokens from the input data before it influences the generation and execution of test scripts.
Recommendations
- AI detected serious security threats
Audit Metadata