test-driven-development
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill possesses a high-risk attack surface by processing untrusted data while having write and execute permissions.
  - Ingestion points: Project source code and test files mentioned in the process (e.g., .exs, .tsx) and user requirements.
  - Boundary markers: Absent; there are no instructions to disregard or sanitize embedded malicious content within the code files or requirements.
  - Capability inventory: Bash (arbitrary command execution), Write/Edit (filesystem modification).
  - Sanitization: Absent; the agent executes tests directly on the codebase using shell commands.
- [Command Execution] (MEDIUM): The skill explicitly authorizes 'Bash' usage for running tests (e.g., 'mix test', 'yarn test'). This provides a direct mechanism for executing arbitrary shell commands on the host environment if the agent's instructions are subverted by malicious input files.
Recommendations
- AI detected serious security threats
Audit Metadata