test-designer

Pass

Audited by Gen Agent Trust Hub on May 1, 2026

Risk Level: SAFE (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
  • [PROMPT_INJECTION]: The skill facilitates an indirect prompt injection surface by ingesting and processing untrusted data to generate executable code.
  • Ingestion points: Requirement descriptions and code file paths are collected in Step 1 to build the dispatch package.
  • Boundary markers: The dispatch skeleton uses basic XML-like placeholders (e.g., ) which are insufficient to prevent a sub-agent from following adversarial instructions embedded in the requirements.
  • Capability inventory: The sub-agent has 'Write' access to test files, and the main workflow (Step 4) involves executing those files.
  • Sanitization: No sanitization or verification of the requirement text or file contents is performed before dispatching.
  • [COMMAND_EXECUTION]: The skill's core validation step (Step 4) mandates the execution of dynamically generated code. If the sub-agent is influenced to include malicious payloads in the test files (e.g., via shell injection or malicious logic in assertions), these will be executed with the user's privileges when the tests are run.
Audit Metadata
Risk Level
SAFE
Analyzed
May 1, 2026, 06:55 AM