run-puzzle-tests

Pass

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute R commands via a hardcoded path to Rscript.exe in a WSL environment. This involves interaction with the host file system (C: and D: drives).
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because user-controlled inputs, such as the 'Filter pattern' and 'Specific test file path', are interpolated directly into R command strings that are then executed via the shell.
      • Ingestion points: User-provided inputs for the test filter pattern and file path (SKILL.md).
      • Boundary markers: Absent; there are no delimiters or instructions to ignore embedded commands within the inputs.
      • Capability inventory: Bash command execution and the ability to write/edit R script files (SKILL.md).
      • Sanitization: No logic is defined to sanitize, escape, or validate the input variables before they are placed into executable command strings.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 18, 2026, 07:13 AM