testing-patterns
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTIONREMOTE_CODE_EXECUTION
Full Analysis
- [PROMPT_INJECTION] (HIGH): The test_runner.py script facilitates execution of instructions defined in untrusted project files. Ingestion points: reads package.json scripts and dependency lists in the target directory. Boundary markers: None present. Capability inventory: executes npm test, npx, and pytest via subprocess.run. Sanitization: No validation is performed on the commands retrieved from the project configuration. An attacker can provide a package.json with a malicious 'test' script (e.g., using command chaining or shell pipes) which will be executed by the skill.
- [COMMAND_EXECUTION] (HIGH): The skill enables the execution of arbitrary system code through the test runner. While functionally necessary for testing, the lack of isolation or verification means that any code contained within the tests or the test configuration files is executed with the agent's privileges.
Recommendations
- AI detected serious security threats
Audit Metadata