fix-test
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a vulnerability to indirect prompt injection through the processing of the
$ARGUMENTSvariable in the 'Reported Issues' section. - Ingestion points: The
<issues>$ARGUMENTS</issues>block inSKILL.mdallows untrusted content from the task description or user input to enter the agent's context. - Boundary markers: While the skill uses XML-style tags (
<issues>) to encapsulate the input, it lacks explicit instructions telling the agent to treat the content strictly as data and to ignore any conflicting instructions within that block. - Capability inventory: The skill grants the agent significant capabilities, including reading project entities/models, invoking various sub-agents (tester, debugger, planner, code-reviewer), writing code changes, and executing the
/prove-fixcommand. - Sanitization: There is no evidence of sanitization, validation, or filtering of the injected content before it is processed by the agent.
Audit Metadata