add-unit-test

Pass

Audited by Gen Agent Trust Hub on Jun 18, 2026

Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The skill instructs the agent to analyze production code and existing tests to generate new test logic, which creates a vector for indirect prompt injection. Malicious or malformed content within the repository could potentially influence the agent's output or command execution behavior.
  • Ingestion points: Production source code files located in xllm/, existing test files in tests/, and reference files such as custom-code-style.md.
  • Boundary markers: The skill does not provide the agent with specific delimiters or instructions to treat ingested code as untrusted data rather than instructions.
  • Capability inventory: The agent has the capability to write new C++/CUDA files, modify CMakeLists.txt, and execute shell commands including rg, git diff, and python setup.py test.
  • Sanitization: There are no mechanisms described for sanitizing or validating the code ingested from the repository before processing.
  • [DATA_EXFILTRATION]: The skill documentation includes specific internal environment details that expose system and user information.
  • Evidence: The reference file references/xllm-test-patterns.md contains a specific developer's home directory path (/export/home/zhangxu709/xllm), an internal SSH hostname (gpu-h800-195), and a specific container identifier (zx-xllm-cuda). While these are not credentials, they provide internal reconnaissance data regarding the organization's infrastructure and naming conventions.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 18, 2026, 11:02 PM
Security Audit — agent-trust-hub — add-unit-test