test-hardening
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- PROMPT_INJECTION (HIGH): Vulnerable to indirect prompt injection. The skill generates executable code from untrusted external content (QA verification reports) and then executes that code. An attacker who controls the criteria descriptions can inject code into the generated test scripts.
  - Ingestion points: verification reports (G#N, AC#N) in Phase 1.
  - Boundary markers: absent; no delimiters or instructions separate the report text from the code templates.
  - Capability inventory: writes files to the local filesystem (Phases 2-4) and executes shell commands (Phase 5).
  - Sanitization: absent; descriptions are interpolated directly into TypeScript templates.
- COMMAND_EXECUTION (MEDIUM): Executes shell commands to run test suites. These are standard tools, but the risk is elevated because the tests they run are generated dynamically from untrusted input.
  - Evidence: Phase 5 executes `npm run test`, `npm run storybook`, and `npx playwright test`.
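As an added illustration (not part of the audit and not the audited skill's code), the TypeScript below shows the failure described in the PROMPT_INJECTION finding and one way to close it: a generator that interpolates a criterion description straight into a test template, a constructed hostile description that closes the title string literal and appends a statement, and a hardened generator that validates the description, emits it only as a JSON string literal, and re-checks the shape of the output before anything is written to disk. The Playwright-style template, the G#N / AC#N id pattern and the 200-character limit are assumptions; the skill's real templates are not on the page.

```typescript
// Added example, not the audited skill's code. The Playwright-style template,
// the G#N / AC#N id pattern and the 200-character limit are assumptions.

interface Criterion {
  id: string;          // "G#N" or "AC#N" from the verification report
  description: string; // free text from the same report: untrusted input
}

// Constructed inputs for the demo (not taken from a real report).
const BENIGN_DESCRIPTION = "Save button is disabled until the form is valid";
// Closes the title literal, appends a statement, comments out the tail.
const HOSTILE_DESCRIPTION = '"); require("child_process").execSync("id"); //';

// Vulnerable generator: the report text is pasted into the code template with
// no boundary, so a description can end the string and add statements.
function generateTestUnsafe(c: Criterion): string {
  return [
    'import { test, expect } from "@playwright/test";',
    `test("${c.id}: ${c.description}", async ({ page }) => {`,
    '  await page.goto("/");',
    '  // TODO: implement the check for this criterion',
    '});',
    '',
  ].join("\n");
}

// Hardened generator: the description is data, never code.
const ID_PATTERN = /^(G|AC)#\d+$/;
const MAX_DESCRIPTION = 200;

// Returns null when the criterion is acceptable, otherwise the reason it is not.
function validateCriterion(c: Criterion): string | null {
  if (!ID_PATTERN.test(c.id)) return `unexpected id ${JSON.stringify(c.id)}`;
  if (c.description.length === 0 || c.description.length > MAX_DESCRIPTION) {
    return "description length out of range";
  }
  // A one-line test title never needs control characters or newlines.
  if (/[\u0000-\u001f\u007f]/.test(c.description)) {
    return "description contains control characters";
  }
  return null;
}

// The only shape a generated header line may have: test( followed by exactly
// one JSON string literal, then the fixed callback from the template.
const TEST_HEADER = /^test\("(?:[^"\\\n]|\\.)*", async \(\{ page \}\) => \{$/;

// Structural check run on generated source before it is written to disk.
function titleIsSingleLiteral(src: string): boolean {
  const lines = src.split("\n");
  const headers = lines.filter((l) => l.startsWith("test("));
  return headers.length === 1 && TEST_HEADER.test(lines[1] ?? "");
}

function generateTestSafe(c: Criterion): string {
  const problem = validateCriterion(c);
  if (problem !== null) throw new Error(`refusing ${c.id}: ${problem}`);
  // JSON.stringify escapes quotes, backslashes and remaining specials, so the
  // text cannot terminate the literal whatever it contains.
  const title = JSON.stringify(`${c.id}: ${c.description}`);
  const src = [
    'import { test, expect } from "@playwright/test";',
    `test(${title}, async ({ page }) => {`,
    '  await page.goto("/");',
    '  // TODO: implement the check for this criterion',
    '});',
    '',
  ].join("\n");
  if (!titleIsSingleLiteral(src)) throw new Error(`generator bug for ${c.id}`);
  return src;
}
```

With the hostile description, `generateTestUnsafe` emits `test(""); require("child_process").execSync("id"); //", ...`, which is live code the moment Phase 5 runs `npx playwright test`; `generateTestSafe` emits the same text as an escaped string inside the title and `titleIsSingleLiteral` rejects the unsafe output. Escaping fixes the template, not the execution step: whatever the generator emits still runs with the developer's privileges when the test commands are invoked, so the report content should be treated as untrusted all the way through Phase 5.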
Recommendations
- AI detected serious security threats
Audit Metadata