skills/tobihagemann/turbo/smoke-test/Gen Agent Trust Hub

smoke-test

Pass

Audited by Gen Agent Trust Hub on Apr 18, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill facilitates the execution of arbitrary shell commands in the terminal for starting development servers and testing CLI tools. Evidence: Step 4 (CLI Path) instructs the agent to 'Run commands directly', and Step 3 mentions 'Dev server command: [command]'.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it processes untrusted data from external sources that can influence the agent's plan and execution.
    • Ingestion points: Step 1 involves fetching pull request details (titles, descriptions, comments) and reading project files (README, entry points, routes) to determine testing scope.
    • Boundary markers: The instructions lack explicit delimiters or 'ignore' instructions when processing these data sources, meaning instructions embedded in a PR could be followed by the agent.
    • Capability inventory: The agent has high-privilege capabilities including shell execution, browser control ('claude-in-chrome'), and UI interaction ('computer-use').
    • Sanitization: No sanitization or validation of the ingested content is performed before the agent uses it to plan and execute tests.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 18, 2026, 11:00 PM