write-tests
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [PROMPT_INJECTION] (HIGH): The skill is vulnerable to Indirect Prompt Injection (Category 8) because it is designed to read and process untrusted external data (source code) and act upon it with high-privilege tools.
  - Ingestion points: The skill uses the Read and Grep tools to ingest content from specified targets or git diffs (implied in SKILL.md).
  - Boundary markers: Absent. There are no specified delimiters or instructions to treat the ingested code as data only.
  - Capability inventory: The skill is allowed to use Bash, Write, and Edit, providing a path to system-level execution and persistent file modification.
  - Sanitization: Absent. The instructions do not include any steps for sanitizing or escaping the content of the files being tested before generating new test code.
- [COMMAND_EXECUTION] (HIGH): The skill is explicitly instructed to 'Always run tests after creating them'. If the agent is tricked into writing a test that contains a malicious payload (e.g., a reverse shell in a pytest fixture), the instruction to execute the tests will trigger the payload via the Bash tool.
Recommendations
- AI detected serious security threats
Audit Metadata