recipe-add-integration-tests
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Bash tool in Step 1 to execute `ls $ARGUMENTS`. If the input provided to the skill's arguments contains shell metacharacters and is not properly sanitized by the platform, it could lead to command injection or directory traversal.
- [PROMPT_INJECTION]: The skill processes untrusted external data from a Design Doc to drive the behavior of subagents in Steps 2, 4, and 5, creating an indirect prompt injection surface.
  - Ingestion points: The Design Doc is retrieved from a path specified in `$ARGUMENTS` or found in `docs/design/*.md` during Step 1.
  - Boundary markers: There are no explicit boundary markers or instructions to ignore embedded commands when the design doc content or path is passed to subagents.
  - Capability inventory: The skill can execute local bash commands and invoke specialized subagents including `task-executor` and `quality-fixer`, which have code-writing and execution capabilities.
  - Sanitization: No sanitization or content validation is performed on the Design Doc before it influences the testing workflow.
Audit Metadata