skills/ab300819/skills/testing-guide/Gen Agent Trust Hub

testing-guide

Pass

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to run various testing and coverage utilities such as Jest, Pytest, Stryker, and mutmut during its automated branch coverage analysis workflow.
  • [EXTERNAL_DOWNLOADS]: Skill templates and best-practice guides include configurations to fetch testing frameworks and CI/CD actions from trusted organizations and well-known services, including Google's GitHub repositories and official package registries.
  • [PROMPT_INJECTION]: The 'Branch Coverage Analysis' feature processes user-provided source code to identify untested paths, creating an indirect prompt injection surface (Category 8).
      • Ingestion points: User source code files and requirement documents accessed via Read and Glob tools.
      • Boundary markers: The skill does not specify the use of delimiters or 'ignore' instructions when analyzing user content.
      • Capability inventory: Bash (for executing coverage tools), Write (for generating test skeletons), and Edit.
      • Sanitization: No specific input sanitization or validation of the analyzed source code is described in the workflow.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 13, 2026, 03:06 AM