acc-create-test-builder
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): Vulnerability surface identified. The skill instructs the agent to analyze external 'target class' definitions and generate code without using boundary markers to isolate untrusted content.
- Ingestion points: Target class structure provided by the user or external context (SKILL.md).
- Boundary markers: Absent. The instructions do not define delimiters for user-provided class data.
- Capability inventory: Code generation for PHP builders and mothers; no direct command execution or network tool usage is defined in the skill itself.
- Sanitization: No input validation or escaping patterns are observed in the templates (references/templates.md).
Audit Metadata