Skills
skills/sien75/graphicode-skills/graphicode-test-engineer-ts/Gen Agent Trust Hub

graphicode-test-engineer-ts

Pass

Audited by Gen Agent Trust Hub on Apr 21, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The agent is instructed to suppress explanations and respond only with 'mission complete' after writing files, which reduces user oversight and could conceal unauthorized changes.
  • [PROMPT_INJECTION]: The skill is vulnerable to instructions embedded in project files.
  • Ingestion points: 'graphig.md' and module 'README.md' files.
  • Boundary markers: Absent; the agent is simply told to read these files.
  • Capability inventory: The agent can write files and potentially execute shell commands derived from configuration.
  • Sanitization: Absent; no validation is performed on the content of the ingested files.
  • [COMMAND_EXECUTION]: The skill directs the agent to execute a command ('singleFilePlaygroundCommand') defined in a project-controlled configuration file ('graphig.md'), which could be exploited to run arbitrary shell commands if the project is untrusted.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 21, 2026, 11:53 AM
Security Audit — agent-trust-hub — graphicode-test-engineer-ts