platform-apex-test-run
Pass
Audited by Gen Agent Trust Hub on Jun 26, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface within its agentic test-fix loop functionality.
- Ingestion points: The
hooks/scripts/parse-test-results.pyscript ingests data from theTOOL_OUTPUTenvironment variable, which contains the results (including failure messages and stack traces) from thesf apex run testcommand. - Boundary markers: The output of the parsing script does not use explicit delimiters or instructions to the agent to ignore embedded commands within the ingested test messages.
- Capability inventory: The skill possesses the capability to execute shell commands (
sf apex run test) and is designed to delegate code repairs to thesf-apexskill, creating a multi-step execution chain. - Sanitization: While the Python script truncates failure messages to 200 characters, it does not perform escaping or validation to prevent instructions embedded in test data (e.g., a malicious test name or error message) from influencing the agent's behavior. This is a common architectural risk in autonomous repair loops and is considered acceptable for the skill's intended purpose.
Audit Metadata