finalrun-generate-test
Fail
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: HIGH
Findings: CREDENTIALS_UNSAFE, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill instructs the agent to collect sensitive information including login credentials, passwords, and payment details directly from the user. It explicitly forbids the use of placeholders or anonymization, mandating that the agent use the exact plaintext values provided during Step 2.
- [DATA_EXFILTRATION]: Collected plaintext credentials are incorporated into test prompts which are then transmitted to the FinalRun cloud infrastructure via the create_test MCP tool. This pattern stores sensitive user data in an unmasked format on a remote service, which is a significant data exposure risk.
- [PROMPT_INJECTION]: The workflow relies on reading and interpreting arbitrary source code files during the analysis phase, creating an indirect prompt injection surface.
  * Ingestion points: The agent reads relevant source files in Step 1 to map user flows.
  * Boundary markers: No delimiters or instructions to ignore embedded commands within the source files are provided.
  * Capability inventory: The agent has access to tools for creating and organizing data on a remote server, including create_test and create_test_suite.
  * Sanitization: There is no evidence of sanitization or safety checks performed on the data extracted from source files before it is used to drive agent logic.
Recommendations
- AI detected serious security threats