coverage-review
Pass
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: SAFE
Full Analysis
- COMMAND_EXECUTION (SAFE): The skill utilizes `npm run coverage` and `npx playwright test`. These are standard development operations consistent with the skill's primary purpose of test coverage analysis.
- INDIRECT_PROMPT_INJECTION (LOW): The skill processes untrusted external data (source code, PRDs, and wireframes). This creates a surface for indirect prompt injection where instructions embedded in project files could attempt to influence the AI's test generation. However, this is inherent to the tool's function and limited to generating test files.
- DATA_EXFILTRATION (SAFE): The skill reads local files and writes a report to `qa/COVERAGE_GAPS.md`. No network calls to external domains or attempts to access sensitive credentials (e.g., SSH keys, AWS configs) were detected.
Audit Metadata