test-quality-analysis
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- PROMPT_INJECTION (HIGH): The skill is susceptible to Indirect Prompt Injection (Category 8). It is designed to ingest and analyze external, untrusted content (source code and test files) while having access to dangerous tools.
  - Ingestion points: The skill uses `Read`, `Glob`, and `Grep` to ingest codebase content for analysis.
  - Boundary markers: No explicit delimiters or instructions are provided to the agent to ignore embedded instructions within the files it reads.
  - Capability inventory: The skill is allowed to use `Bash`, `Write`, and `Edit` tools. This allows the agent to execute arbitrary shell commands and modify local files.
  - Sanitization: There is no evidence of sanitization or filtering of the content read from external files before processing.
  - Risk: An attacker could place a malicious instruction in a test file (e.g., in a comment) that instructs the agent to use the `Bash` tool to exfiltrate data or modify the system.
- COMMAND_EXECUTION (MEDIUM): The skill documentation explicitly encourages the use of the `Bash` tool to run test coverage reports (`bun test`, `uv run pytest`). While these are standard development tasks, the lack of constraints on what commands can be executed via the Bash tool poses a risk if the agent is influenced by malicious data.
Recommendations
- AI detected serious security threats
Audit Metadata