agent-tester

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (HIGH): The skill executes local test suites, which allows for arbitrary code execution in the agent's environment.
      • Evidence: The 'post' hook in SKILL.md contains npm test -- --reporter=json 2>/dev/null | jq ....
      • Risk: If the agent is used to test code from untrusted sources (e.g., a pull request containing malicious tests), it will execute that code with the permissions of the agent process.
  • [PROMPT_INJECTION] (MEDIUM): Direct shell interpolation of untrusted input variables.
      • Evidence: The 'pre' hook uses echo "🧪 Tester agent validating: $TASK".
      • Risk: The '$TASK' variable is likely derived from user or other agent input. If this variable contains shell metacharacters or command substitutions, it could lead to unintended command execution, even if 'echo' is used.
  • [INDIRECT_PROMPT_INJECTION] (HIGH): Vulnerability surface for processing untrusted data with execution capabilities (Category 8).
      • Ingestion points: The '$TASK' variable and the local filesystem (checking for 'jest.config.js').
      • Boundary markers: None. No delimiters or instructions are used to prevent the agent from obeying instructions embedded in the code it is testing.
      • Capability inventory: Shell execution (hooks) and 'npm test' (test runner).
      • Sanitization: None detected for the interpolated variables.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 02:54 AM