senior-qa
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill is highly vulnerable to indirect prompt injection. 1. Ingestion points: The scripts
test_suite_generator.pyandcoverage_analyzer.pyingest untrusted project source code. 2. Boundary markers: None are present in the skill documentation to delimit data from instructions. 3. Capability inventory: The skill has high-privilege capabilities includingkubectl apply,docker build, and automated file writing ('fixes'). 4. Sanitization: No sanitization of ingested code content is mentioned. - [Unverifiable Dependencies & Remote Code Execution] (MEDIUM): The setup instructions utilize
npm installandpip installto fetch dependencies from public registries without integrity checks or version pinning in the main file, posing a supply chain risk. - [Dynamic Execution] (MEDIUM): The skill documentation describes 'automated fixes' generated by the coverage analyzer, implying the modification or generation of executable code at runtime based on analyzed content.
Recommendations
- AI detected serious security threats
Audit Metadata