testing-integration
Warn
Audited by Gen Agent Trust Hub on Apr 19, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The file `scripts/create-integration-test.md` contains multiple dynamic context injection patterns using the `!command` syntax. These patterns trigger automated shell execution of commands such as `grep` and `find` when the skill is processed, bypassing standard user review for tool execution.
- [DATA_EXFILTRATION]: Within the dynamic context blocks in `scripts/create-integration-test.md`, the command `grep -r "test_database\\|TEST_DB" .env*` performs a recursive search across environment files. Accessing `.env` files is a high-risk operation as it can expose hardcoded credentials, API keys, and other secrets to the agent's context.
- [PROMPT_INJECTION]: The skill provides explicit behavioral instructions in `rules/verification-techniques.md` under the 'Evidence Verification' section. These instructions mandate specific evidence collection protocols (e.g., exit codes, coverage targets) that override the agent's default logic for determining task completion.
- [PROMPT_INJECTION]: An indirect prompt injection surface is identified as the skill is designed to ingest and process untrusted data from project files and external web sources.
  - Ingestion points: Uses `Read`, `Glob`, and `Grep` tools on local project files, and `WebFetch`/`WebSearch` for external content.
  - Boundary markers: The skill does not define specific delimiters or warnings to ignore embedded instructions in the processed data.
  - Capability inventory: The agent has access to file system tools, web search tools, and automated shell command execution.
  - Sanitization: No sanitization or validation logic is present to filter malicious instructions from the ingested content.
Audit Metadata