code-assist
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE (categories: PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through the `task_description` parameter, which can be an external URL.
  - Ingestion points: `task_description` parameter in `SKILL.md`.
  - Boundary markers: No delimiters or warnings are used for content fetched from URLs.
  - Capability inventory: Subprocess calls for build and test execution in Step 4.
  - Sanitization: Input from URLs is not sanitized or filtered.
- [COMMAND_EXECUTION]: The skill performs local command execution during the build and test phases of the TDD workflow in Step 4.4. If the code being tested was generated based on malicious instructions from a URL, it could result in the execution of unintended commands.
Audit Metadata