test-case-reviewer
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection (Category 8) because it is designed to ingest and analyze untrusted external data (test cases).
- Ingestion points: Data enters the agent context through the instructions in
prompts/test-case-reviewer.mdwhich asks the AI to process provided test cases. - Boundary markers: The skill lacks explicit delimiters or instructions to ignore potential commands embedded within the test case content being reviewed.
- Capability inventory: The skill includes several Python scripts (
scripts/batch_convert_templates.py,scripts/convert_formats.py, etc.) that usesubprocess.callto execute local conversion tasks. These scripts do not have network access or sensitive file system capabilities. - Sanitization: There is no evidence of sanitization or validation of the input data before it is processed by the AI.
- [COMMAND_EXECUTION]: Several utility scripts in the
scripts/directory utilize thesubprocessmodule to chain execution between local Python files. - Evidence:
scripts/batch_convert_templates.pyusessubprocess.call([sys.executable, str(local_convert), ...])to run the conversion engine. - Evidence: Wrapper scripts like
scripts/convert_to_csv.pyandscripts/parse_json.pyusesubprocess.callto invokeconvert_formats.pyorparse_formats.pywith specific flags.
Audit Metadata