testing
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill reviews untrusted source code and has the capability to execute commands based on its analysis. * Ingestion points: The skill reviews external code files to identify frameworks and design test cases (SKILL.md). * Boundary markers: No specific delimiters or 'ignore instructions' warnings are defined for the code review process. * Capability inventory: The skill includes an 'Execute' step to run generated test suites (SKILL.md). * Sanitization: No sanitization logic is provided to prevent malicious comments in tested code from influencing agent actions.
- [Command Execution] (LOW): The skill's core purpose involves running shell commands to execute tests and verify results. This behavior is expected for a testing utility but constitutes a surface for command execution risks.
Audit Metadata