generate-tests
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it reads and processes existing project source code which may contain adversarial instructions.
- Ingestion points: Target source files are accessed using the Read and Grep tools during the analysis phase.
- Boundary markers: There are no explicit delimiters or instructions provided to the agent to ignore embedded commands within the processed files.
- Capability inventory: The skill has the ability to write new files and execute arbitrary shell commands via the Bash tool (xcodebuild).
- Sanitization: No input validation or sanitization is performed on the code content before it is used to generate tests.
- [COMMAND_EXECUTION]: The skill uses the Bash tool to execute xcodebuild, which runs the newly generated or modified test code on the local system.
Audit Metadata