write-tests
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes user-provided source files to generate test cases, which introduces an attack surface for indirect prompt injection. If the source files contain adversarial instructions, the agent might inadvertently follow them during the generation process. Ingestion points: source file path in SKILL.md. Boundary markers: absent. Capability inventory: local shell execution via npx vitest. Sanitization: absent.
- [COMMAND_EXECUTION]: The skill executes
npx vitestto run tests on local files. This is a standard development task but involves executing shell commands targeting user-specified paths.
Audit Metadata