fp-update

Fail

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: CRITICAL
PROMPT_INJECTION, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill incorporates a direct prompt injection vector by including '$ARGUMENTS' as additional instructions. This allows a user to provide input that could override the skill's logic or bypass safety guardrails.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through its reliance on 'E2E_TESTS.md' as the source of truth for test generation.
      - Ingestion points: Reads specifications from 'E2E_TESTS.md' across the project (Phase 1).
      - Boundary markers: None. The content is processed directly to map spec elements to tests.
      - Capability inventory: Performs file writing and modification in Phase 3; executes subprocesses to run tests in Phase 1 and Phase 4.
      - Sanitization: None. The skill assumes the spec file is trustworthy and follows its instructions to 'Update' test files.
  • [REMOTE_CODE_EXECUTION]: The skill generates and modifies executable test code based on the contents of 'E2E_TESTS.md' (Phase 3) and subsequently executes that code (Phase 4). If the specification file contains malicious code or instructions, the agent will implement and run that code on the host system.
  • [COMMAND_EXECUTION]: The skill executes shell commands to run test suites in both Phase 1 (baseline check) and Phase 4 (verification). These commands are executed automatically without user review of the command line or the underlying test code.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
CRITICAL
Analyzed
Mar 13, 2026, 09:22 AM