qa-test-planner
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [Dynamic Execution] (HIGH): The scripts `scripts/create_bug_report.sh` and `scripts/generate_test_cases.sh` use `eval` to assign user-provided input to variables.
  - Evidence: `eval "$var_name=\"$input\""` in `scripts/create_bug_report.sh` (line 35) and `scripts/generate_test_cases.sh` (line 33).
  - Risk: This is a classic shell injection vulnerability. If the input contains shell metacharacters or subshell executions (e.g., `$(command)`), they will be executed by the shell during the `eval` call. This allows an attacker who can influence the data processed by the agent to achieve Remote Code Execution (RCE).
- [Indirect Prompt Injection] (LOW): The skill's primary function is to process external descriptions of bugs and test cases, creating a significant surface for indirect prompt injection.
  - Ingestion points: Data ingested via `read` in `scripts/create_bug_report.sh` and `scripts/generate_test_cases.sh`.
  - Boundary markers: None present; the scripts treat all input as trusted data.
  - Capability inventory: Subprocess execution and file-system write access.
  - Sanitization: No sanitization or validation is performed on the input before it is passed to the `eval` command, making the script highly vulnerable to adversarial data.
Recommendations
- AI detected serious security threats
Audit Metadata