test-fix
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGH
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (HIGH): The skill is highly vulnerable to Indirect Prompt Injection. It is designed to ingest and act upon external, potentially untrusted data, including project source code and pytest failure outputs.
  - Ingestion points: Processes arbitrary project files and command-line output from the test runner (SKILL.md).
  - Capability inventory: Includes the ability to execute shell commands (pytest) and modify source code (SKILL.md Instructions step 5).
  - Boundary markers: Absent. There are no instructions to distinguish between the skill's own logic and instructions that might be embedded in the code or logs being processed.
  - Sanitization: None. The agent is not directed to sanitize or validate inputs before execution.
- [COMMAND_EXECUTION] (MEDIUM): The skill provides explicit instructions to execute shell commands (pytest tests/<file> -v). While this is the intended functionality for a test-fix tool, the combination of execution capability with the lack of input validation poses a significant risk if the agent is manipulated by malicious content within the repository.
Recommendations
- AI detected serious security threats
Audit Metadata