automate-tests
Pass
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill is designed to identify and execute shell commands found in a repository's build manifests (e.g.,
package.json,pyproject.toml,Makefile) and CI configurations (e.g., GitHub Actions, GitLab CI). - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) because it parses and acts upon instructions found in untrusted external data sources within a repository.
- Ingestion points: The skill reads content from
README.md,CONTRIBUTING.md, CI configuration files, and build manifests to determine test commands (SKILL.md, Behavior step 2). - Boundary markers: While the skill defaults to "fast, local, non-destructive" runs, it lacks explicit delimiters or instructions to ignore embedded commands within the files it parses.
- Capability inventory: High. The agent has the ability to execute arbitrary shell commands, install software packages, and interact with network services or Docker containers (
SKILL.md, Core Objective). - Sanitization: The skill relies on human-in-the-loop verification (printing commands before execution and requesting confirmation) rather than automated sanitization of the discovered commands.
Audit Metadata