test
Pass
Audited by Gen Agent Trust Hub on Mar 22, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill identifies and executes test commands from the project environment, such as 'npm test', 'pytest', 'go test', and 'cargo test'. It also uses 'git' commands to analyze recent changes and identify testing gaps.- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes untrusted source code and configuration files to generate tests. Maliciously crafted code could potentially influence the agent's behavior during the generation or verification phases.
- Ingestion points: The skill reads source files, project configuration files (e.g., 'package.json', 'pyproject.toml'), and git history into the agent's context.
- Boundary markers: Absent. The instructions do not specify any delimiters or warnings to ignore embedded instructions within the analyzed source code.
- Capability inventory: The skill has the capability to execute shell commands and write new files to the local filesystem.
- Sanitization: Absent. The skill is instructed to mirror existing code patterns exactly, which could include reproducing malicious logic or following embedded instructions.
Audit Metadata