auto-improve-tests
Pass
Audited by Gen Agent Trust Hub on May 3, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from user source files and existing test code. This ingestion provides a pathway for malicious instructions to manipulate the agent's behavior during the iterative test generation process.
- Ingestion points: Target source files and existing test files as specified by the user (SKILL.md).
- Boundary markers: Absent; the agent lacks specific instructions or delimiters to disregard embedded commands or override attempts within the provided source code.
- Capability inventory: The agent possesses the capability to write files (test files) and execute shell commands (test runners like Vitest or Jest) as part of its core loop.
- Sanitization: Absent; no input validation, escaping, or structural analysis is applied to the input source code before it is used to generate or review tests.
- [COMMAND_EXECUTION]: The skill's primary workflow requires the agent to execute a test runner on newly generated code. Combined with the injection pathway above, this means instructions smuggled into a source or test file could steer the agent into writing a test that performs arbitrary actions, which then run with the agent's privileges when the runner executes that test file.