press

Pass

Audited by Gen Agent Trust Hub on Jun 12, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes narrow test suites and project-level 'gates' (commands) to verify code correctness and test stability. This functionality is documented as its primary purpose for validating hardening tests.
  • [PROMPT_INJECTION]: The skill possesses a surface for Indirect Prompt Injection (Category 8) because it ingests untrusted external data (project specs and source code diffs) and has significant local capabilities. While no malicious behavior is present, the surface exists due to the nature of the task.
      ◦ Ingestion points: SKILL.md reads user-provided specifications and code diffs.
      ◦ Boundary markers: The instructions do not define explicit delimiters or 'ignore' instructions for the processed code blocks.
      ◦ Capability inventory: The skill uses cheez-write for file modifications and executes arbitrary shell commands for running project tests.
      ◦ Sanitization: No validation or sanitization of the input code/specs is mentioned before processing or interpolation into prompts.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 12, 2026, 08:35 PM
Security Audit — agent-trust-hub — press