fix-tests

Pass

Audited by Gen Agent Trust Hub on Feb 13, 2026

Risk Level: LOW, NO_CODE
Full Analysis

The SKILL.md file provides a detailed workflow and instructions for an AI agent to fix failing tests. It outlines steps such as reading project configuration files (README.md, package.json), running tests, identifying failures, and launching 'developer' agents with specific instructions.

1. Prompt Injection: No patterns indicative of prompt injection (e.g., 'IMPORTANT: Ignore', 'Override', role-play instructions) were found. The use of 'Important Constraints' is in a benign, instructional context.

2. Data Exfiltration: The skill does not contain any commands or instructions that would exfiltrate sensitive data. It mentions reading project files (e.g., test files, README.md), but not sending their content to external servers.

3. Obfuscation: No obfuscation techniques (Base64, zero-width characters, homoglyphs, URL/hex/HTML encoding) were detected in the markdown content.

4. Unverifiable Dependencies: The skill refers to other 'skills' (e.g., 'TDD skill', 'sadd skill') which are assumed to be internal to the agent's ecosystem and subject to their own security analysis. No external package installations (npm install, pip install) or arbitrary script downloads from untrusted URLs were found.

5. Privilege Escalation: No commands like sudo, chmod 777, or instructions for installing services were present.

6. Persistence Mechanisms: No attempts to establish persistence (e.g., modifying .bashrc, crontab, authorized_keys) were detected.

7. Metadata Poisoning: The name, description, and argument-hint fields were reviewed and found to be benign.

8. Indirect Prompt Injection: As the skill instructs agents to read external files (e.g., test files, README.md, package.json), there is an inherent, informational risk of indirect prompt injection if those external files were to contain malicious instructions. However, this is a general risk for any agent interacting with a codebase and not a specific vulnerability introduced by this skill's instructions.

9. Time-Delayed / Conditional Attacks: No conditional logic based on dates, times, usage counts, or environment variables that could trigger malicious behavior was found.

Conclusion: The skill is purely instructional and does not contain any direct executable code or malicious patterns. It is categorized as 'NO_CODE' and deemed 'SAFE'.

Audit Metadata
Risk Level: LOW
Analyzed: Feb 13, 2026, 07:45 AM