unit-test-loop
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [PROMPT_INJECTION] (HIGH): Indirect Prompt Injection vulnerability. The skill is designed to ingest and analyze untrusted external data (project source code) to prioritize test tasks.
  1. Ingestion points: Project files and coverage data are read in Phase 1.
  2. Boundary markers: None; the instructions do not provide delimiters to separate code content from instructions.
  3. Capability inventory: The skill uses 'dex' for task management and triggers shell commands for coverage analysis.
  4. Sanitization: None; there is no validation or filtering of content read from source files.
- [COMMAND_EXECUTION] (MEDIUM): The skill involves executing shell-based commands for task tracking (dex create, dex list) and environment checking (git branch). These capabilities, when combined with the analysis of untrusted source code, provide an execution vector for injected instructions.
Recommendations
- AI detected serious security threats
Audit Metadata