test-focus
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill dynamically constructs shell commands by interpolating the user-provided file path argument into various test runners such as Playwright, Vitest, Jest, pytest, and cargo. This allows the agent to execute specific test suites based on the detected project environment.
- [EXTERNAL_DOWNLOADS]: The skill uses bunx to execute Node.js-based test runners. Bunx is a standard utility that fetches and runs packages from the npm registry, which is a well-known and trusted service for development dependencies.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through its input argument. It ingests an untrusted file path string and interpolates it into shell commands without comprehensive sanitization.
  1. Ingestion points: The file path argument provided by the user in SKILL.md.
  2. Boundary markers: No delimiters or ignore instructions are used for the interpolated variable.
  3. Capability inventory: The skill is granted access to the Bash tool, allowing command execution.
  4. Sanitization: The skill relies on basic double-quoting in shell templates, which is insufficient to prevent all forms of command injection if the input contains malicious shell metacharacters.