fix-tests
Pass
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill instructs the agent to read `.helpmetest/SOUL.md` to define its character. This file is part of the processed repository and could contain malicious instructions designed to override agent behavior or bypass safety constraints.
- [DATA_EXFILTRATION]: The skill automatically executes `git log` and `git diff` to collect project history and current changes. While used for context discovery, this results in the exposure of source code and commit metadata to the agent's context.
- [COMMAND_EXECUTION]: The skill uses shell commands via bash for git operations and employs specialized tools like `helpmetest_run_interactive_command` to execute sequences of interactive actions. These execution capabilities are driven by interpretations of potentially untrusted data such as test failure logs.
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface Analysis:
  - Ingestion points: The agent reads `.helpmetest/SOUL.md`, git logs, git diffs, and the output of various test-related artifacts and status tools.
  - Boundary markers: No explicit delimiters or instructions to ignore embedded commands within the ingested data are present in the skill definition.
  - Capability inventory: The skill can execute shell commands (git), write/modify files (`helpmetest_upsert_test`), and run interactive command sequences (`helpmetest_run_interactive_command`).
  - Sanitization: There is no evidence of sanitization or validation of the data retrieved from the repository or tool outputs before it is used to influence the agent's logic or downstream commands.
Audit Metadata