unit-tests
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill has a significant attack surface for indirect prompt injection.
- Ingestion points: The skill asks for 'code, file, or folder' from the user (SKILL.md, Step 1).
- Boundary markers: There are no instructions to use delimiters or ignore instructions embedded within the analyzed code.
- Capability inventory: The skill is required to 'run the unit tests' (Step 5), write to 'KNOWN-BUGS.md', and 'fix the bug' (Task section).
- Sanitization: No sanitization or validation of the input code is performed before analysis or execution.
- [Command Execution] (HIGH): Step 5 requires the agent to 'run the unit tests and ensure there are no errors'. This implies executing shell commands (e.g.,
pytest,npm test) on code that is untrusted. A malicious file could include a test suite that executes arbitrary code on the host system when the agent attempts to run it. - [Remote Code Execution] (HIGH): Because the agent is instructed to 'fix' bugs and run the resulting code, an attacker could provide code that 'tricks' the agent into writing and then executing a malicious payload under the guise of a test fix.
Recommendations
- AI detected serious security threats
Audit Metadata