run-tests
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill facilitates the execution of local test runners and a helper script located within the .claude/skills/bmad-commands directory. This functionality is essential for its primary purpose of test automation and quality validation.
- [PROMPT_INJECTION]: The skill handles data from test execution and coverage tools, which creates an indirect prompt injection surface.
- Ingestion points: Test results and coverage data are ingested from tool outputs as described in templates.md.
- Boundary markers: No specific boundary markers or 'ignore' instructions are used when interpolating tool output into prompts.
- Capability inventory: The skill possesses command execution capabilities (via bmad-commands) and can generate test code based on analysis.
- Sanitization: There is no evidence of output sanitization or validation for the ingested test data before it is presented in summaries.
- [EXTERNAL_DOWNLOADS]: Documentation for CI/CD integration refers to trusted and well-known services such as GitHub Actions and Codecov. These references are safe and follow industry standards for software development.
Audit Metadata