tester
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
PROMPT_INJECTION, COMMAND_EXECUTION, CREDENTIALS_UNSAFE
Full Analysis
- [PROMPT_INJECTION] (HIGH): The skill is highly vulnerable to Indirect Prompt Injection (Category 8). It is explicitly instructed to read and analyze source code files (src/component.py) to understand component behavior. Without boundary markers or instructions to ignore embedded prompts, the agent could obey malicious instructions hidden in code comments or strings. Given the agent has the 'Bash' and 'Write' tools, this could lead to full system compromise.
  - Ingestion points: src/component.py, test data directories.
  - Boundary markers: Absent.
  - Capability inventory: Bash, Write, Edit, Read, Glob, Grep.
  - Sanitization: Absent.
- [COMMAND_EXECUTION] (HIGH): The skill instructions involve executing 'uv run pytest' (Category 4/10). This performs dynamic execution of the code being tested. If an attacker provides a malicious component or test file, the agent will execute that code with its own privileges.
- [CREDENTIALS_UNSAFE] (LOW): The skill provides patterns for handling configuration files (config.json) that include sensitive placeholders like '#api_key'. While the documentation advises against real credentials, the agent's ability to read and manipulate these files poses a risk of accidental data exposure.
Recommendations
- AI detected serious security threats