snapshot-test-helper

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The skill is designed to process user requests and external code patterns for snapshot testing, yet it lacks delimiters or specific instructions to prevent the agent from obeying embedded instructions.
      • Ingestion points: User requests and external codebase files containing snapshot patterns.
      • Boundary markers: Absent; no logic is provided to distinguish data from instructions.
      • Capability inventory: Access to Bash, Write, and Edit tools allows for arbitrary command execution and file modification.
      • Sanitization: Absent; there is no mention of validating or escaping content before using it with tools.
  • [Command Execution] (MEDIUM): The skill explicitly allows the 'Bash' tool. While necessary for some test automation tasks, enabling this without strict constraints or input validation increases the risk of the agent being manipulated into running harmful shell commands if adversarial input is encountered during the 'snapshot test' assistance.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 12:58 PM