code-test
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands to inspect repository state (using 'jj') and run tests (via 'npm', 'pytest', 'go', or 'cargo'). It also dynamically discovers and runs scripts within 'bin/' directories or task runners like 'make', 'just', or 'task'.
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it ingests instructions from potentially untrusted project files.
  1. Ingestion points: Reads 'README.md', 'CONTRIBUTING.md', 'CLAUDE.md', 'AGENTS.md', 'GEMINI.md', 'CODEX.md', 'Makefile', 'justfile', 'Taskfile.yml', and 'package.json'.
  2. Boundary markers: Absent; there are no specific instructions to ignore malicious directives embedded in these data sources.
  3. Capability inventory: The agent is authorized to execute arbitrary shell commands and perform file system writes to resolve test failures.
  4. Sanitization: Absent; command strings extracted from local configuration files are executed without secondary validation or sanitization.
Audit Metadata