finalrun-test-and-fix
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill orchestrates the execution of the finalrun CLI tool (including check, test, and suite commands) to validate application behavior. These operations are core to the vendor's intended functionality.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it reads and acts upon data from external sources such as application logs and test execution artifacts.
  - Ingestion points: The agent triages failures by reading result.json, actions/ metadata, device.log, and runner.log.
  - Boundary markers: There are no specific delimiters or instructions defined to isolate the content of these logs from the agent's control logic.
  - Capability inventory: The skill has the capability to modify repository source code and test YAML files, and to invoke further CLI commands via sibling skills (finalrun-generate-test and finalrun-use-cli).
  - Sanitization: No sanitization or verification steps are specified for the log content before it influences code modification decisions.
Audit Metadata