Skills
skills/fortiumpartners/ai-mesh/ExUnit Test Framework/Gen Agent Trust Hub

ExUnit Test Framework

Fail

Audited by Gen Agent Trust Hub on Feb 21, 2026

Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (HIGH): The generate-test.exs script is vulnerable to Elixir code injection. It uses string interpolation to embed user-provided arguments (module, description) directly into a generated .exs file. Because Elixir scripts are executed during testing via the run-test.exs script, an attacker can escape the module context to run arbitrary system commands.
  • [PROMPT_INJECTION] (LOW): The skill is vulnerable to indirect prompt injection when used by other agents (like the mentioned deep-debugger) to process untrusted bug reports. • Ingestion points: The --module and --description flags in generate-test.exs. • Boundary markers: None; input is placed directly into code templates. • Capability inventory: File system write access (File.write!) and command execution (System.cmd). • Sanitization: None; the script performs no escaping or validation of inputs.
  • [COMMAND_EXECUTION] (MEDIUM): The skill allows arbitrary file writes via the --output parameter in generate-test.exs. An attacker could specify sensitive paths (e.g., ~/.bashrc or system configuration files) to overwrite them with generated code, leading to system instability or denial of service.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 21, 2026, 10:22 AM