platform-apex-test-run

Pass

Audited by Gen Agent Trust Hub on Jun 26, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface within its agentic test-fix loop functionality.
      • Ingestion points: The hooks/scripts/parse-test-results.py script ingests data from the TOOL_OUTPUT environment variable, which contains the results (including failure messages and stack traces) from the sf apex run test command.
      • Boundary markers: The output of the parsing script does not use explicit delimiters or instructions to the agent to ignore embedded commands within the ingested test messages.
      • Capability inventory: The skill possesses the capability to execute shell commands (sf apex run test) and is designed to delegate code repairs to the sf-apex skill, creating a multi-step execution chain.
      • Sanitization: While the Python script truncates failure messages to 200 characters, it does not perform escaping or validation to prevent instructions embedded in test data (e.g., a malicious test name or error message) from influencing the agent's behavior. This is a common architectural risk in autonomous repair loops and is considered acceptable for the skill's intended purpose.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 26, 2026, 12:50 PM