fp-fix
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill directly interpolates user input via the '$ARGUMENTS' variable into its prompt, explicitly inviting 'Additional instructions' without using boundary markers or sanitization. \n- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through the analysis of external repository files. 1. Ingestion points: Test implementation files and 'E2E_TESTS.md' read in Phase 2. 2. Boundary markers: None identified. 3. Capability inventory: Shell command execution (running test suites) and file modification (fixing tests). 4. Sanitization: No sanitization or content validation performed on read files. \n- [COMMAND_EXECUTION]: The skill executes shell commands to run test suites. This allows for the execution of code contained within the project's test files, which could be malicious if the repository content is untrusted.
Audit Metadata