fp-add
Warn
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: User input via the $ARGUMENTS variable is directly interpolated into instructions, creating a surface for direct prompt injection.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through ingestion of project files. * Ingestion points: E2E_TESTS.md, project source code, and existing test files. * Boundary markers: Absent. * Capability inventory: File read/write and command execution (test runner/formatter). * Sanitization: Absent.
- [COMMAND_EXECUTION]: The skill invokes local tools to run tests and format code.
- [REMOTE_CODE_EXECUTION]: The skill performs dynamic code execution by generating test files and then executing them (Phase 4), a process influenced by potentially untrusted input from the user or project files.
Audit Metadata