test
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): The skill instructions map user input ($ARGUMENTS) directly into a shell command template (yarn test ... <pattern>) without any sanitization or validation logic. This creates a high risk of command injection where an attacker can execute arbitrary code on the host.
- Ingestion points: User input via the $ARGUMENTS variable in SKILL.md.
- Boundary markers: Absent; user input is directly concatenated into the command string without delimiters.
- Capability inventory: Shell command execution via yarn scripts across multiple release channels.
- Sanitization: None present; the instructions do not guide the agent to validate the input pattern.
- [PROMPT_INJECTION] (LOW): The skill accepts natural language arguments to derive test patterns, providing an attack surface for indirect prompt injection that could be leveraged to trigger command execution.