write-a-test-plan

Pass

Audited by Gen Agent Trust Hub on Mar 23, 2026

Risk Level: SAFE
PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests data from potentially untrusted external sources (Linear issues, Figma comments, Notion docs) and processes it to generate instructions and test plans.
      • Ingestion points: PRDs, implementation plans, triage documents, Linear issues, Figma designs, and Notion documents (found in SKILL.md steps 1 and 2).
      • Boundary markers: The prompt lacks explicit delimiters or instructions to ignore embedded commands within the sourced documents.
      • Capability inventory: The skill utilizes the Agent tool (Explore type) to read codebase details, uses MCP tools to fetch external data, and has the capability to write files to local or remote destinations (found in SKILL.md steps 3 and 6).
      • Sanitization: No sanitization or validation logic is defined to filter malicious instructions from the retrieved context.
  • [DATA_EXFILTRATION]: The skill is designed to extract architectural details from the codebase, including service dependencies (APIs, databases), CI/CD configurations, and environment variables. While the delivery of the final plan involves user approval, the process involves aggregating sensitive project metadata into a format that is then transmitted to external destinations like GitHub wikis or Confluence pages.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 23, 2026, 06:03 PM