auto-test
Pass
Audited by Gen Agent Trust Hub on Jul 6, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes a
PreToolUsehook to execute a local bash script (guard-test-integrity.sh) whenever the agent attempts to use theEditorWritetools. This script acts as a policy enforcer to ensure test integrity by blocking the addition of 'skip' or 'only' markers in test files. - [PROMPT_INJECTION]: The skill processes untrusted data from the user's codebase to identify testing gaps and write new tests. This creates a surface for indirect prompt injection where instructions hidden in the code could potentially influence the agent's behavior.
- Ingestion points: The agent reads source code, test files, and configuration files (e.g.,
package.json,Cargo.toml) during the discovery phase (Phase 1). - Boundary markers: No specific boundary markers or instructions are provided to the agent to treat the ingested code as untrusted data.
- Capability inventory: The agent has extensive capabilities including arbitrary shell command execution via the
Bashtool and file system modification viaWriteandEdittools. - Sanitization: There is no evidence of sanitization or filtering of the ingested code content.
Audit Metadata