robotframework-testcase-builder
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM (PROMPT_INJECTION)
Full Analysis
- [Indirect Prompt Injection] (MEDIUM): The skill transforms untrusted JSON input into executable Robot Framework syntax.
  - Ingestion points: `scripts/testcase_builder.py` reads JSON from stdin or local files via the `--input` flag.
  - Boundary markers: Absent. The script does not use delimiters or instructions to distinguish between the template structure and untrusted data during rendering.
  - Capability inventory: While the skill has no direct side effects (e.g., subprocess execution or network calls), its output is a high-privilege artifact intended for execution by test runners.
  - Sanitization: Lacks keyword filtering. Malicious keywords such as `OperatingSystem.Run` or `Execute Command` can be injected via the input data to execute arbitrary shell commands when the test is run.
- [Data Exposure & Exfiltration] (LOW): Accesses the local file system using a path provided in command-line arguments.
  - Evidence: `scripts/testcase_builder.py` line 16 uses `open(path, "r")` on the `--input` argument.
  - Risk: An attacker could trick the agent into reading sensitive JSON files (e.g., configuration files), though non-JSON files will cause the script to error out during parsing.
Audit Metadata