improving-test-suites
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The test-validator subagent (subagents/test-validator.md) is designed to execute shell commands provided by the user via the TEST_COMMAND input. This is the primary mechanism for validating that refactored tests pass as expected.
- [EXTERNAL_DOWNLOADS]: The skill fetches testing best practices and security guidance from several well-known and trusted external organizations listed in references/external-sources.md. These include official documentation and blogs from Google, Microsoft, Martin Fowler, OWASP, and Kent C. Dodds. These resources are used to provide the AI with context for making informed testing decisions.
- [PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection (Category 8) because it is designed to ingest and process the content of user-specified files (TARGET_TEST_FILES).
  - Ingestion points: Target source files are read and analyzed in subagents/test-value-reviewer.md and subagents/test-refactorer.md.
  - Boundary markers: The instructions do not employ explicit delimiters or instructions to ignore embedded commands within the analyzed code files.
  - Capability inventory: The agent has the capability to execute arbitrary shell commands via subagents/test-validator.md and write to the file system via subagents/test-refactorer.md.
  - Sanitization: There is no explicit sanitization or filtering of the ingested file content before it is processed by the AI.
Audit Metadata