test

Pass

Audited by Gen Agent Trust Hub on Jun 16, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill is designed to read and execute shell commands specified in the claude/build.md file. While this is the intended primary function for a testing automation tool, it provides the agent with the capability to execute arbitrary commands defined in that file.
  • [INDIRECT_PROMPT_INJECTION]: The skill demonstrates an indirect prompt injection surface because it executes instructions (commands) retrieved from an external data source without prior validation or sanitization.
  • Ingestion points: The skill reads the content of claude/build.md to determine the command to run.
  • Boundary markers: No explicit boundary markers or instruction-ignoring delimiters are used when processing the command from the file.
  • Capability inventory: The skill utilizes shell execution capabilities to run test suites and analyze their output.
  • Sanitization: There is no evidence of command sanitization or integrity checking of the configuration file source.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 16, 2026, 09:20 PM
Security Audit — agent-trust-hub — test