testing-unit
Warn
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [DATA_EXPOSURE_EXFILTRATION]: The script `scripts/create-msw-handler.md` contains a shell command `grep -r "API_URL\|VITE_API\|NEXT_PUBLIC_API" .env*` which searches all environment files in the project. Environment files typically contain sensitive information such as API keys and database credentials. Accessing these files is a security risk as it could lead to the exposure of secrets to the agent context.
- [COMMAND_EXECUTION]: The skill makes extensive use of the `!` shell execution prefix in its script files (`create-msw-handler.md`, `create-test-case.md`, and `create-test-fixture.md`). These scripts execute commands like `grep`, `find`, `date`, and `python --version` on the host machine to gather context for template generation. This provides a mechanism for local command execution based on skill instructions.
- [INDIRECT_PROMPT_INJECTION]: The skill demonstrates a surface for indirect prompt injection because it ingests data from untrusted local project files.
  - Ingestion points: Files like `package.json`, `.env*`, and source files are read using `grep` and `find` in the `scripts/` directory.
  - Boundary markers: None are present to distinguish between project data and instructions.
  - Capability inventory: The agent has the capability to execute shell commands (`!`) and write files based on the output of these reads.
  - Sanitization: There is no evidence of sanitization or escaping of the content found within project files before it is interpolated into the code templates.
Audit Metadata