fp-smoke-test
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE PROMPT_INJECTION REMOTE_CODE_EXECUTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill incorporates user-provided input through the `$ARGUMENTS` variable without sanitization, allowing for potential direct prompt injection.
- [COMMAND_EXECUTION]: The agent is instructed to identify and run build scripts, start development servers, and execute CLI commands found within the target application's source code.
- [REMOTE_CODE_EXECUTION]: For library testing, the skill directs the agent to generate and execute arbitrary code snippets in the `/tmp` directory.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it relies on instructions parsed from local files like `E2E_TESTS.md` and `README` to determine its testing workflow.
  - Ingestion points: Files `E2E_TESTS.md`, `README`, source code, and the `$ARGUMENTS` variable.
  - Boundary markers: None; the skill lacks delimiters or warnings to treat ingested data as untrusted.
  - Capability inventory: The agent can execute shell commands, run generated scripts, perform network operations via `curl`, and use browser automation tools.
  - Sanitization: No filtering or validation is performed on the content extracted from the repository files.
Audit Metadata