discover
Pass
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: SAFE
Flagged categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill explicitly instructs the agent to execute shell commands using the helpmetest <command> pattern as a fallback when MCP tools are unavailable.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it is designed to ingest and process untrusted data from various external sources.
- Ingestion points: The skill reads content from live URLs, PRDs, API specifications, tickets, and existing codebases to identify features.
- Boundary markers: No explicit delimiters or instructions are provided to the agent to ignore or treat embedded instructions within the source material as data rather than commands.
- Capability inventory: The agent has access to a suite of MCP tools (mcp__helpmetest-*) and can execute arbitrary subcommands via the helpmetest CLI.
- Sanitization: There is no evidence of sanitization or validation performed on the external content before it is processed by the agent to create artifacts.
Audit Metadata