test
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill facilitates the execution of local scripts and binaries. Evidence: SKILL.md instructs the agent to run .claude/skills/test/run-tests.sh and use grep in the test/ directory. Evidence: run-tests.sh executes ~/bin/eldev with user-provided arguments. The script uses bash arrays and proper quoting to prevent command injection.
- [PROMPT_INJECTION]: The skill reports raw test output, which is a potential surface for indirect prompt injection. Ingestion points: Test results and error logs are captured from the eldev runner. Boundary markers: None identified. Capability inventory: Local shell and binary execution. Sanitization: No sanitization is applied to the output.
Audit Metadata