create-testcases
Pass
Audited by Gen Agent Trust Hub on Apr 5, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill uses the `$ARGUMENTS` placeholder to ingest untrusted user descriptions, which are then used to generate executable C++, SQL, and Shell test cases.
  - Ingestion points: User input enters via the `$ARGUMENTS` parameter in `SKILL.md`.
  - Boundary markers: Absent. The user input is interpolated directly into the instructions without delimiters (like XML tags) or system instructions to ignore embedded commands.
  - Capability inventory: The skill directs the agent to write files to multiple local directories (`unit_tests/`, `~/gh/tc/cubrid-testcases/sql/`, `~/cubrid-testcases-private-ex/shell/`). These generated scripts are designed for subsequent execution.
  - Sanitization: There are no steps provided to validate or sanitize the feature description, which could allow an attacker to inject malicious logic that the agent then includes in the generated test files.
Audit Metadata