improve-coverage
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill has a high-risk attack surface where malicious instructions embedded in the analyzed source code could manipulate the agent.
- Ingestion points: The skill ingests file content or modules via the
$ARGUMENTSvariable (SKILL.md). - Boundary markers: There are no delimiters or 'ignore embedded instructions' warnings to prevent the agent from following instructions found within the code comments or strings of the target files.
- Capability inventory: The skill is authorized to 'Generate coverage report', 'Write tests', and 'Run full test suite' (SKILL.md). These capabilities allow an attacker to achieve code execution or file system persistence if the agent is tricked.
- Sanitization: No sanitization or verification of the target content is performed before processing or execution.
- Command Execution (HIGH): The instructions 'Generate coverage report' and 'Run full test suite' (Phases 1 and 5) necessitate the execution of local shell commands. In an environment where the agent has access to untrusted code, this effectively grants the code the ability to execute commands with the agent's privileges during the testing phase.
Recommendations
- AI detected serious security threats
Audit Metadata