flaky-test-detector
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted input from external test results (JSON) and source code files, which constitutes a surface for indirect prompt injection. (1) Ingestion points: Test result JSON files and various source code files scanned during static analysis. (2) Boundary markers: No delimiters or specific instructions are used to separate data from commands. (3) Capability inventory: Reading local file system and executing a local Python analysis script. (4) Sanitization: The skill uses standard JSON parsing but does not sanitize or filter content like test names or code comments before they are processed by the agent.
- [COMMAND_EXECUTION]: The agent is instructed to execute a local Python script
scripts/analyze_test_results.pyto process test data. This script is a safe, internal tool and does not perform network operations, access sensitive files, or execute arbitrary system commands.
Audit Metadata