test-skill
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests third-party SKILL.md files and uses their content to drive subagent behavior and test generation.
  - Ingestion points: Reads skill definitions from local directories and plugin cache paths (~/.claude/plugins/cache/).
  - Boundary markers: Absent. Subagent instructions do not utilize delimiters or specific instructions to ignore embedded commands within the ingested skill content.
  - Capability inventory: Spawns subagents, writes JSON report files to the filesystem, and executes shell commands for workspace management.
  - Sanitization: No sanitization or content validation is performed on the data read from external skills.
- [PROMPT_INJECTION]: The documentation for headless mode explicitly suggests using the --permission-mode bypassPermissions flag, which encourages users to disable built-in safety controls and permission prompts during automation.
- [COMMAND_EXECUTION]: The skill executes shell commands (mkdir -p, date) to prepare and organize test workspaces, using paths and names derived from skill identifiers.
Audit Metadata