property-based-testing
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGH
Categories: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (HIGH): Recommends downloading binary executables from non-whitelisted GitHub repositories, specifically github.com/crytic/echidna.
- REMOTE_CODE_EXECUTION (HIGH): Suggests direct remote installation and execution of tools from non-whitelisted sources via go install github.com/crytic/medusa@latest.
- PROMPT_INJECTION (HIGH): High susceptibility to indirect prompt injection (Category 8) as the skill's purpose involves processing untrusted user code and generating executable responses.
  - Ingestion points: Processes local codebase patterns and test failure logs as seen in SKILL.md and interpreting-failures.md.
  - Boundary markers: Fails to define clear boundary markers or instructions to disregard directives embedded in the analyzed code.
  - Capability inventory: Has the authority to generate new test files (generating.md), suggest refactors (refactoring.md), and propose shell command execution.
  - Sanitization: No sanitization or safety-filtering of ingested code content is specified before it is interpolated into the agent's logic.
- COMMAND_EXECUTION (MEDIUM): Recommends the execution of shell commands and test runners like pytest, rg, and grep on the host system without specific safety constraints.
Recommendations
- AI detected serious security threats
Audit Metadata