propagate
Pass
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes external Allium specification files and CLI output to generate executable test code, which presents an attack surface where malicious instructions in a spec could influence the agent's behavior or the generated output.\n
- Ingestion points: Reads
.alliumspecification files and JSON data from thealliumCLI tool (allium plan,allium model).\n - Boundary markers: The instructions lack explicit boundary markers or "ignore embedded instructions" warnings when processing specifications.\n
- Capability inventory: The agent has capabilities to read the codebase for exploration and write new test files to the filesystem.\n
- Sanitization: No validation or sanitization steps are defined for the input specifications before they are used to influence code generation.\n- [COMMAND_EXECUTION]: The skill instructs the agent to execute specific CLI tools as part of the test generation workflow.\n
- Evidence: The agent is directed to use
allium plan <spec>andallium model <spec>to retrieve test obligations and domain models. These are identified as resources related to the author's own Allium technology and ecosystem.
Audit Metadata