Test Coverage Analyzer
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill is susceptible to indirect prompt injection because it ingests untrusted data from local source files using the 'Read' and 'Grep' tools. Since the skill also has 'Bash' tool access, malicious instructions hidden in the code being analyzed (e.g., in comments or string literals) could trick the agent into executing unauthorized system commands. Ingestion points: 'Read' and 'Grep' tool usage on local files; Boundary markers: None present; Capability inventory: 'Bash' tool usage; Sanitization: No sanitization of file content is defined.- Command Execution (MEDIUM): The skill is configured to use the 'Bash' tool to run 'xcodebuild'. While this is aligned with its stated purpose of test coverage analysis, the availability of a shell environment creates a high-impact attack surface if the agent's instructions are overridden via indirect prompt injection.
Recommendations
- AI detected serious security threats
Audit Metadata