testing-unit
Warn
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill uses dynamic context injection (the !command syntax) within its script templates (e.g., scripts/create-msw-handler.md, scripts/create-test-case.md) to execute shell commands such as grep, find, and date at runtime. These are used to automatically detect project frameworks and configuration details.
- [DATA_EXFILTRATION]: A command in scripts/create-msw-handler.md explicitly searches through sensitive environment files (grep -r "API_URL\|VITE_API\|NEXT_PUBLIC_API" .env*) to extract API base URLs. Accessing .env files is a security concern as they frequently contain secrets, keys, and credentials that should not be exposed to the agent or its context.
- [PROMPT_INJECTION]: Indirect prompt injection vulnerability surface detected.
  - Ingestion points: User-supplied $ARGUMENTS in script files (scripts/create-msw-handler.md, scripts/create-test-case.md, scripts/create-test-fixture.md).
  - Boundary markers: Absent; user input is directly interpolated into markdown and code templates.
  - Capability inventory: The agent has access to the Read, Glob, Grep, WebFetch, and WebSearch tools, and executes shell commands via dynamic context.
  - Sanitization: No sanitization, escaping, or validation is performed on the user-provided arguments before interpolation.
Audit Metadata