unit-test-remote
Warn
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill constructs a shell command string using multiple parameters provided by the user or parsed from the environment.
- Evidence:
SKILL.mddescribes the behavior of "assembling the~/.bits-ut/utd remote_test ...command" from inputs such asworking_directory,package_path, andfiles. - Risk: Without explicit sanitization of these string parameters, an attacker could inject shell operators (e.g.,
;,&&) to execute arbitrary commands. - [PROMPT_INJECTION]: The skill processes untrusted data from test logs which could contain malicious instructions designed to manipulate the agent's next steps.
- Ingestion points: The skill parses JSON streams from the
bits-uttool and extracts theOutputfield as described inSKILL.md. - Boundary markers: No delimiters or boundary markers are used to separate the external test output from the agent's instructions.
- Capability inventory: The skill executes shell commands and is used within the
/speckit.verifyworkflow, which has the capability to modify or implement code. - Sanitization: There is no evidence of sanitization or escaping of the extracted log content before it is processed by the agent.
- [EXTERNAL_DOWNLOADS]: The skill relies on a remote testing mechanism that transmits data to external servers.
- Evidence: The skill is titled
unit-test-remoteand utilizes aremote_testcommand, implying network communication and remote execution of code.
Audit Metadata