Jest Test Framework
Fail
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: HIGH (COMMAND_EXECUTION, REMOTE_CODE_EXECUTION)
Full Analysis
- COMMAND_EXECUTION (HIGH): The `run-test.js` script is vulnerable to shell command injection. It constructs a command string for `execSync` by joining user-provided arguments (like `--file` and `--config`) without any sanitization or escaping. An attacker could use shell metacharacters (e.g., `;`, `&`, `|`) to execute arbitrary commands on the system.
  - Evidence in run-test.js: ``const command = `npx jest ${jestArgs.join(' ')}`;`` followed by `execSync(command, ...)`.
- REMOTE_CODE_EXECUTION (HIGH): The `generate-test.js` script facilitates RCE by generating JavaScript files using simple string replacement. The `--description` argument is interpolated directly into the test template. If this input is controlled by an attacker (e.g., through a malicious bug report processed by the agent), they can inject arbitrary JavaScript code into the resulting test file.
  - Evidence in generate-test.js: `let result = template...replace(/{{TEST_NAME}}/g, testName)` where `testName` is derived from `options.description`.
- INDIRECT_PROMPT_INJECTION (LOW): The skill exposes a significant attack surface for indirect prompt injection because it processes natural language descriptions to generate executable code.
  - Ingestion points: `generate-test.js` via the `--description` CLI argument, typically populated from external bug reports.
  - Boundary markers: Absent. The user input is directly injected into the template code.
  - Capability inventory: `execSync` in `run-test.js` (executes the generated code) and `fs.writeFile` in `generate-test.js` (persists the injected code).
  - Sanitization: Absent. No escaping or validation is performed on the `description` string before it is written to the filesystem.
Recommendations
- AI detected serious security threats
Audit Metadata