test-harness
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions specify the use of 'git diff --name-only HEAD~5' during its reconnaissance phase to identify recently modified files. While this is a standard developer workflow, it involves executing local shell commands to gather metadata about the repository.
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection (Category 8).
  - Ingestion points: The agent is instructed to read and analyze user-provided Python functions, classes, modules, and project-specific files such as 'CLAUDE.md' or 'conftest.py'.
  - Boundary markers: The instructions do not define specific delimiters or security headers to separate untrusted source code content from the agent's instructions.
  - Capability inventory: The skill is capable of reading local files and writing new Python script files (e.g., 'tests/test_{module}.py').
  - Sanitization: There is no mention of sanitizing docstrings, comments, or configuration data, any of which could contain malicious payloads designed to influence the generated code or subsequent agent actions.