test
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill is designed to automatically identify and execute arbitrary test runners and quality check tools (such as
npm,pytest,cargo, andnpx) via theBashtool based on its discovery of configuration files likepackage.jsonorMakefile. - [DATA_EXFILTRATION]: In
SKILL.mdandreference/output-format.md, the agent is explicitly instructed to "Report actual output honestly — show real results, not summaries." This verbatim reporting requirement creates a high risk of exposing sensitive data, such as API keys, environment variables, or database connection strings, if they are printed to the console during test execution or failure. - [PROMPT_INJECTION]: The skill establishes an 'Ownership Mandate' which forces the agent into a state of extreme compliance, requiring it to fix all failing tests regardless of origin. This behavioral constraint increases the likelihood of the agent following malicious instructions if they are encountered within the codebase it is assigned to repair.
- [PROMPT_INJECTION]: This skill presents a significant surface for indirect prompt injection:
- Ingestion points: The agent ingests untrusted data by using
Read,Glob, andGrepto scan project files, source code, and test definitions across the entire filesystem. - Boundary markers: There are no boundary markers or instructions to disregard embedded commands when reading and processing external files.
- Capability inventory: The agent possesses high-privilege capabilities including arbitrary command execution via
Bash, file modification viaEditandWrite, and sub-task management viaTeamCreateandTaskCreate. - Sanitization: The skill lacks any mechanism to sanitize or validate the content of the files it reads before that content is used to determine its next actions or code modifications.
Audit Metadata