test-analyze
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection by ingesting and processing untrusted data from test results.
- Ingestion points: The skill reads test result files in various formats (XML, JSON, HTML, text) from a user-provided path via the Read tool.
- Boundary markers: The prompt lacks explicit delimiters or instructions to treat external data as non-executable text, increasing the risk that the model might follow instructions embedded in the test reports during analysis.
- Capability inventory: The skill utilizes the Task tool for subagent delegation and possesses filesystem access capabilities via the Read, Glob, Grep, and TodoWrite tools.
- Sanitization: No sanitization or content validation is performed on the ingested test data before it is passed to the planning model (mcp__pal__planner) or delegated to subagents.
Audit Metadata