fp-generate
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill uses a placeholder
$ARGUMENTSfor additional user instructions, which could be exploited to manipulate the tool's behavior via direct injection. - [PROMPT_INJECTION]: The skill processes
E2E_TESTS.mdfiles to generate executable code, creating a surface for indirect prompt injection where malicious instructions in the specification files could influence the generated tests. - Ingestion points: Reads specification data from
E2E_TESTS.mdfiles found recursively from the project root. - Boundary markers: The prompt does not specify the use of clear delimiters or instructions to ignore embedded commands within the specification files.
- Capability inventory: The skill can delete existing test files, write new executable test scripts, and invoke the project's test runner (Phase 4).
- Sanitization: There is no mention of sanitizing or validating the contents of the markdown files before they are incorporated into the test generation logic.
- [COMMAND_EXECUTION]: The skill invokes local shell commands to run test suites, linters, and formatters during its operation (Phase 1 and Phase 4).
- [DATA_EXFILTRATION]: The skill explicitly handles environment variables, including saving and restoring them during test execution. This poses a risk of exposing sensitive environment data if it is inadvertently included in the generated test files or logs.
Audit Metadata