test-fixing
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill instructs the agent to execute arbitrary shell commands, including 'make test' and 'uv run pytest'. These commands execute code defined in the project's local environment, which could be maliciously crafted to run unauthorized processes.
- [PROMPT_INJECTION] (HIGH): Vulnerable to indirect prompt injection via the processing of untrusted external content.
  - Ingestion points: The agent reads and analyzes output from 'make test', 'pytest', 'git diff', and the contents of the codebase itself.
  - Boundary markers: None. There are no delimiters or instructions to ignore embedded commands within the data being analyzed.
  - Capability inventory: The skill possesses both file-write capabilities (via the 'Edit tool') and command execution capabilities ('make', 'pytest', 'uv').
  - Sanitization: None. The agent is directed to 'Analyze output' and 'Implement fix' without validation, meaning a malicious test failure message could trick the agent into performing harmful code modifications or executing secondary malicious commands.
Recommendations
- AI detected serious security threats
Audit Metadata