testprof
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it is designed to analyze untrusted content from the user's project. * Ingestion points: The agent is instructed in
SKILL.mdto read project configuration and source files such asspec/spec_helper.rb,Gemfile, and various application logic files. * Boundary markers: The skill does not employ delimiters or instructions to ignore potential commands within the processed external files. * Capability inventory: The skill possesses the capability to read local files and generates shell commands for user execution based on the analyzed data. * Sanitization: There is no validation, escaping, or filtering of the ingested file content before it is processed. - [EXTERNAL_DOWNLOADS]: The skill references an external dependency from a well-known service.
references/bottlenecks.mdsuggests fetching thesimplecovgem directly from the officialsimplecov-rubyorganization on GitHub to utilize performance-oriented coverage modes.
Audit Metadata