write-tests
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from local files (such as README.md, package.json, and source code) and git diff output to guide its operations.
  - Ingestion points: The workflow reads project documentation, configuration files, and modified source code to understand logic and testing needs.
  - Boundary markers: Untrusted content is interpolated directly into sub-agent prompts via placeholders like {GIT_DIFF_OUTPUT} and {FILE_PATH} without clear delimiters to isolate user-controlled data.
  - Capability inventory: The agent has the capability to write new files and execute arbitrary shell commands derived from project configuration.
  - Sanitization: No sanitization or escaping of the ingested file content is performed before passing it to sub-agents, allowing embedded instructions to potentially influence agent behavior.
- [COMMAND_EXECUTION]: The skill identifies and executes commands for running tests and generating coverage reports directly from project configuration files (e.g., package.json). This results in the execution of arbitrary scripts defined within the local environment's codebase.