finalrun-test-runner
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
PROMPT_INJECTION, DATA_EXFILTRATION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill identifies an indirect prompt injection surface because it processes test names and instructions retrieved from the FinalRun platform through tools like `list_tests` and `list_test_suites`.
  * Ingestion points: `list_tests`, `list_test_suites`, `available_apps`.
  * Boundary markers: Absent.
  * Capability inventory: `run_test_locally`, `create_app_version`, `run_test_by_name_on_devices`.
  * Sanitization: Absent.
- [DATA_EXFILTRATION]: The `create_app_version` tool allows the agent to upload files from a local `filePath` to the vendor's infrastructure. While this is the intended mechanism for uploading application binaries for testing, it represents a capability that could be misused to target sensitive local files if the agent's logic is diverted.
- [COMMAND_EXECUTION]: The skill manages the execution of mobile tests on local devices using system-level utilities such as `adb` and `xcrun`. These operations are performed through the `run_test_locally` and `run_test_suite_locally` MCP tools.
Audit Metadata