manual-testing
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill's workflow involves executing various system commands (e.g., npm run build, cargo test, curl) to verify the state of the user's project. While these are necessary for the skill's functionality, they provide a execution capability that could be leveraged by an attacker.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from local files and conversation history to determine which commands to run and what to verify.
- Ingestion points: The workflow in SKILL.md requires analyzing recent file changes and conversation history to identify testing needs.
- Boundary markers: There are no markers or instructions to isolate or ignore instructions that might be embedded in the analyzed code or documentation.
- Capability inventory: The skill allows for broad shell command execution, file system access, and network requests to localhost.
- Sanitization: There is no evidence of sanitization, filtering, or validation performed on the content read from files before it influences agent behavior.
Audit Metadata