fullstack-testing
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH (PROMPT_INJECTION)
Full Analysis
- Indirect Prompt Injection (HIGH): The skill possesses a high-risk surface for indirect prompt injection due to its core function of reading source files and generating output files.
  - Ingestion points: The 'target' parameter allows the agent to ingest the content of local source files (e.g., source code to be tested).
  - Boundary markers: The skill definition does not include delimiters or specific instructions to isolate the model from instructions potentially embedded in the source code.
  - Capability inventory: The skill returns structured file paths and content which an agent would typically write to the filesystem, creating a potential path for unauthorized file modification or creation.
  - Sanitization: No input validation or sanitization of the source code content is performed prior to processing.
Recommendations
- AI detected serious security threats