test-generator
Fail
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: CRITICALPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill analyzes local source code and configuration files to generate test skeletons, creating an ingestion surface for untrusted data. 1. Ingestion points: package.json and target source files. 2. Boundary markers: None identified. 3. Capability inventory: File reading and code generation. 4. Sanitization: None.
- Safe (SAFE): The automated scanner alert for 'wrapper.fi' is a false positive caused by the presence of 'wrapper.find()' in the code examples, which contains the flagged domain as a substring.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata