test
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes instructions from external plan.md and spec.md files to generate and run tests, which represents an indirect prompt injection surface. Mandatory Evidence Chain:
  1. Ingestion points: Files plan.md and spec.md are read in Phases 1 and 2 to extract test criteria.
  2. Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the ingestion prompts.
  3. Capability inventory: The skill can create/modify test files and execute shell commands via test runners such as vitest or npm.
  4. Sanitization: There is no evidence of validation or filtering of the content read from external files.
- [COMMAND_EXECUTION]: The skill invokes local test runners such as vitest, npm test, and dotnet test. This is standard behavior for a testing tool and is used to verify code against expectations.
- [SAFE]: The skill includes strong negative constraints, such as a strict prohibition against modifying business source code and a requirement to only operate within test directories.