test-helpers
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFE, PROMPT_INJECTION, REMOTE_CODE_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection by processing external data from the local project repository to influence its code generation logic.
- Ingestion points: The skill reads content from existing test files (`tests/**/*_test.*`), design documents (`design/gdd/*.md`), and architecture registries (`docs/architecture/tr-registry.yaml`) to extract patterns.
- Boundary markers: No explicit delimiters or instructions are provided to the agent to differentiate between data and potentially malicious instructions embedded within the project files.
- Capability inventory: The skill uses `Read`, `Glob`, `Grep`, and `Write` tools to inspect the environment and create new helper scripts in the `tests/helpers/` directory.
- Sanitization: The instructions do not define any sanitization, escaping, or validation steps for the content extracted from project files before it is interpolated into the generated code templates.
- [REMOTE_CODE_EXECUTION]: The skill performs dynamic script generation based on project context and predefined templates.
- Evidence: The skill generates executable source code for Godot (GDScript), Unity (C#), and Unreal Engine (C++). While the agent does not execute the generated code itself, it writes these files to the local file system using the `Write` tool.
Audit Metadata