test-review

Pass

Audited by Gen Agent Trust Hub on Mar 27, 2026

Risk Level: SAFE
Finding categories: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection by processing external data from the project repository.
  • Ingestion points: The skill ingests untrusted content such as ${SOURCE_CONTENT}, ${TEST_CONTENT}, and ${AC_LIST} (parsed from request documents) into LLM prompts in references/codex-prompt-test-review.md and references/codex-prompt-ac-trace.md.
  • Boundary markers: While data is delimited using markdown code blocks, the prompts lack explicit instructions to the AI to disregard any commands or directives embedded within the ingested data.
  • Capability inventory: The skill invokes the mcp__codex__codex tool, which is instructed to perform autonomous research using shell commands like ls, grep, and cat. It also uses the Write tool to modify the filesystem.
  • Sanitization: There is no evidence of sanitization, escaping, or validation of the input data before it is interpolated into the prompts.
  • [COMMAND_EXECUTION]: The /codex-test-gen workflow generates and saves new executable test scripts to the local filesystem.
  • Description: The skill derives target paths and uses Codex to generate complete test files, which are then saved using the Write tool.
  • Risk: AI-generated code can contain errors or, if the generation prompt is influenced by malicious source code, could introduce vulnerabilities into the test suite. Although the skill suggests a follow-up review, it does not prevent the creation of potentially unsafe files.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 27, 2026, 01:12 AM