testing
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- COMMAND_EXECUTION (MEDIUM): The script `scripts/run-unit-tests.sh` uses the `eval` command to execute a `TEST_CMD` string retrieved from `.claude/config/project.json`. This dynamic execution of configuration data is a known security risk as it allows for arbitrary command injection if the source file is compromised.
- PROMPT_INJECTION (LOW): The skill exhibits an attack surface for indirect prompt injection by ingesting instructions from project configuration files without validation or sanitization.
  1. Ingestion points: `.claude/config/project.json` (used by `scripts/run-unit-tests.sh` and `scripts/run-api-tests.sh`).
  2. Boundary markers: Absent. No delimiters or instructions are used to separate configuration data from execution logic.
  3. Capability inventory: The skill possesses the ability to execute shell commands (`eval`), perform network requests (`curl`), and write evidence to the local filesystem.
  4. Sanitization: Absent. No validation is performed on the commands or URLs ingested from the config.
Audit Metadata