exp-test-smell-detection
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection as it is designed to ingest and process untrusted code files provided by a user. Maliciously crafted comments or string literals within the analyzed test files could attempt to influence the agent's behavior or skew the audit results.
- Ingestion points: SKILL.md (Workflow Step 1) instructs the agent to read all test files or project directories provided by the user.
- Boundary markers: Absent. There are no instructions provided to the agent to use specific delimiters or to disregard potential instructions embedded within the test code.
- Capability inventory: The skill's functionality is limited to reading files and generating diagnostic reports; it does not utilize high-risk tools such as network access, system modification, or arbitrary command execution for the audit logic itself.
- Sanitization: No mechanisms for sanitizing or escaping the content of the ingested files are defined in the workflow.
Audit Metadata