unittest-test-creator
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- Indirect Prompt Injection (HIGH): The skill is designed to ingest and process external data (source code for test generation) and is granted powerful tools (Bash, Write, Edit). This creates a mandatory evidence chain for Category 8:
  1. Ingestion point: User-provided source code.
  2. Boundary markers: None present in instructions.
  3. Capability inventory: Bash, Write, Edit, Grep.
  4. Sanitization: None.

  An attacker could embed malicious instructions in the code being tested that the agent might follow, leading to unauthorized actions.
- Command Execution (HIGH): The skill explicitly allows the Bash tool. When paired with its intended use of analyzing and generating code, there is a high risk that the agent could be manipulated into executing arbitrary shell commands if it encounters adversarial content within the files it reads.
Recommendations
- AI detected serious security threats