test-heuristics
Pass
Audited by Gen Agent Trust Hub on May 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill facilitates the review and triage of user-provided test code, which introduces a potential attack surface where malicious instructions embedded in that code could influence the agent's behavior during analysis. While the skill is intended for technical review, it lacks specific defenses for this vector.
- Ingestion points: Untrusted test files and code snippets provided by the user during the 'review', 'triage', 'author', or 'strategize' workflows (e.g., file paths provided in the prompt).
- Boundary markers: The playbooks and core instructions do not mandate the use of delimiters, XML tags, or explicit 'ignore embedded instructions' warnings when the agent interpolates user code into its reasoning context.
- Capability inventory: The skill leverages the agent's capability to read local files and orchestrate complex multi-agent tasks through parallel sub-agent delegation (as detailed in references/subagent-dispatch.md).
- Sanitization: No explicit sanitization or escaping mechanisms are described for the content ingested from the Subject Under Test (SUT) or its associated test files.
Audit Metadata