tdd-pytest
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Categories: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill ingests untrusted data from existing test files, source code, and conversation context.
  * Ingestion points: Project files in 'tests/' and 'src/', 'pyproject.toml', and user conversation history.
  * Boundary markers: None present.
  * Capability inventory: Arbitrary command execution via 'uv run pytest' and file system modification (writing reports and configuration).
  * Sanitization: No sanitization or validation of the project code is performed before execution.
- [Command Execution] (HIGH): The skill provides commands like '/tdd-pytest:test-all' that invoke 'uv run pytest'. This executes all code within the project's test suite. A malicious project could contain tests designed to perform unauthorized actions (e.g., data exfiltration or persistence) when triggered by the agent.
Recommendations
- AI detected serious security threats
Audit Metadata