add-unit-test
Pass
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill instructs the agent to analyze production code and existing tests to generate new test logic, which creates a vector for indirect prompt injection. Malicious or malformed content within the repository could potentially influence the agent's output or command execution behavior.
- Ingestion points: Production source code files located in
xllm/, existing test files intests/, and reference files such ascustom-code-style.md. - Boundary markers: The skill does not provide the agent with specific delimiters or instructions to treat ingested code as untrusted data rather than instructions.
- Capability inventory: The agent has the capability to write new C++/CUDA files, modify
CMakeLists.txt, and execute shell commands includingrg,git diff, andpython setup.py test. - Sanitization: There are no mechanisms described for sanitizing or validating the code ingested from the repository before processing.
- [DATA_EXFILTRATION]: The skill documentation includes specific internal environment details that expose system and user information.
- Evidence: The reference file
references/xllm-test-patterns.mdcontains a specific developer's home directory path (/export/home/zhangxu709/xllm), an internal SSH hostname (gpu-h800-195), and a specific container identifier (zx-xllm-cuda). While these are not credentials, they provide internal reconnaissance data regarding the organization's infrastructure and naming conventions.
Audit Metadata