test
Pass
Audited by Gen Agent Trust Hub on May 6, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the `$ARGUMENTS` placeholder directly within shell command blocks (e.g., `npm run test -- $ARGUMENTS`). Because the placeholder is substituted textually into the command string before the shell parses it, user-supplied input containing shell metacharacters (`;`, `&&`, `|`, `$(...)`) can chain arbitrary commands onto the test invocation unless the agent validates the input or passes it as a single argument rather than as part of the command text.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests and processes untrusted data from the local environment.
  - Ingestion points: The agent is instructed to parse test output and read failing test files to identify issues (SKILL.md).
  - Boundary markers: No delimiters or instructions tell the agent to treat the test output as data rather than as instructions.
  - Capability inventory: The skill is configured with powerful capabilities, including `Bash`, `Write`, `Edit`, and `Read`, which could be abused if an attacker places malicious instructions inside a test file or in mock test-failure output.
  - Sanitization: The skill does not validate or filter the test results before the agent analyzes them to propose fixes or execute further commands.
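The COMMAND_EXECUTION finding above rests on one mechanism: the argument text is pasted into a command string and the shell then parses the whole string. The script below, added here as an illustration and not taken from the audited skill or from the Trust Hub report, models that mechanism beside the hardened form. `run_tests` is a constructed stand-in for `npm run test --` so the script runs offline, `PAYLOAD` is a constructed attacker input, and the character allowlist in `validate_args` is an assumed policy for this example rather than anything the skill defines.

```shell
#!/bin/sh
# Added example (not part of the audited skill or of the Trust Hub report): models how a
# command template such as `npm run test -- $ARGUMENTS` behaves when the user text is
# pasted into the string before a shell parses it, versus passed as one argv element.
# `run_tests` is a constructed stand-in for `npm run test --` so the script runs offline.

run_tests() {
  # Stand-in for the real test runner: report exactly which arguments arrived.
  if [ "$1" = "--" ]; then shift; fi
  printf '[test-runner] arg=%s\n' "$@"
}

# Vulnerable pattern (what the audited template amounts to): the user-supplied text is
# substituted into the command string, then the whole string is handed to a shell.
# Metacharacters in the text are parsed as shell syntax.
unsafe_run() {
  cmd="run_tests -- $1"   # textual substitution of $ARGUMENTS
  eval "$cmd"             # the shell now sees any `;`, `&&`, `|`, `$(...)` in the input
}

# Hardened pattern: the text travels as a single argv element. The shell parses the
# command line written here, not the content of "$1", so metacharacters stay literal.
safe_run() {
  run_tests -- "$1"
}

# Defense in depth: accept only characters a test-file pattern legitimately needs.
# (Assumed policy for this example; widen it deliberately if the skill needs more.)
validate_args() {
  case $1 in
    "")                    return 1 ;;  # empty argument
    *[!A-Za-z0-9._/-]*)    return 1 ;;  # anything outside the allowlist
    *)                     return 0 ;;
  esac
}

# Constructed attacker input: a plausible test name followed by a second command.
PAYLOAD='auth.test.js; echo PWNED'

echo "--- unsafe_run: the second command executes"
unsafe_run "$PAYLOAD"
echo "--- safe_run: the whole string is one argument"
safe_run "$PAYLOAD"
if validate_args "$PAYLOAD"; then
  echo "validate_args: accepted"
else
  echo "validate_args: rejected"
fi
```

The two fixes are independent: `safe_run` removes the injection even without the allowlist, because nothing re-parses the argument as shell syntax, while `validate_args` catches the input at the boundary so that a later change to how the command is assembled does not silently reopen the hole.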
Audit Metadata