unit-test-generating-unit-tests
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill defines a workflow where an agent processes external source code, requirements, and API specifications (Step 1 in SKILL.md). This creates a vulnerability to indirect prompt injection if the ingested data contains malicious instructions.
- Ingestion points: Processes external code and documentation as defined in SKILL.md.
- Boundary markers: The instructions lack specific delimiters or directions for the agent to ignore instructions embedded within the user-provided data.
- Capability inventory: Although the skill itself is documentation-only, the agent using it may have capabilities (like file writing or execution) that could be exploited if it follows hidden instructions in the code it is analyzing.
- Sanitization: No sanitization or validation of the input content is described or required by the skill.
- [NO_CODE]: The skill consists entirely of Markdown files for documentation and contains no executable scripts, configuration files, or automated tools.
Audit Metadata