python-testing
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Tags: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (HIGH): The skill is highly vulnerable to Indirect Prompt Injection (Category 8). It is designed to process untrusted external data (reviewing/writing tests for PRs or bugfixes) and possesses high-privilege capabilities (executing commands).
  - Ingestion Points: Ingests untrusted code from the user's repository during 'writing or reviewing tests' (SKILL.md).
  - Boundary Markers: Absent. There are no instructions to the agent to treat external code as untrusted or to avoid executing code found within the repository being reviewed.
  - Capability Inventory: Command execution via `uv run pytest` (SKILL.md, references/pytest-practices.md) and subprocess execution via `subprocess.run` (scripts/test_pypi_security_audit.py).
  - Sanitization: Absent. The agent is encouraged to run scripts found in the repository without validation.
- [COMMAND_EXECUTION] (MEDIUM): The skill explicitly instructs the agent to run `uv run pytest scripts/test_pypi_security_audit.py -v`. This script executes external binaries (pip-audit) using `subprocess.run`. While the script uses fixed arguments, the pattern of encouraging the agent to execute repository-level scripts is a significant security risk when used on untrusted codebases.
- [EXTERNAL_DOWNLOADS] (LOW): The `pip-audit` utility, by design, will reach out to PyPI to check for vulnerabilities. This is a trusted-source operation but should be noted as it involves network activity during the testing process.
Recommendations
- AI detected serious security threats