pytest-builder
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill operates as a code generation utility. Its primary functions involve reading local Python source files and writing new test files or configuration files to the local file system. These actions are aligned with the skill's stated purpose.
- [INDIRECT_PROMPT_INJECTION]: The script scripts/generate_test.py parses user-provided Python files to extract function and class signatures. While this constitutes a data ingestion surface, the risk is minimal as the script uses the Python ast (Abstract Syntax Tree) module for parsing, which is a safe way to analyze code without execution. No malicious instruction override patterns were found in the templates.
- [DYNAMIC_EXECUTION]: The skill includes scripts that generate Python code (.py) and configuration files (.ini). This is a core feature of the tool and is implemented using static templates rather than unsafe string evaluation (eval/exec) of untrusted input.
- [EXTERNAL_DOWNLOADS]: The skill documentation correctly identifies standard, well-known Python testing libraries (e.g., pytest, httpx, sqlmodel, sqlalchemy) as prerequisites. No suspicious or unverified third-party dependencies are referenced.
Audit Metadata