python-regression-test-generator
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted Python source code (old and new versions) to generate test logic. Malicious instructions embedded in the input code could potentially influence the generated test scripts or the agent's behavior.
  - Ingestion points: User-provided Python source code files (SKILL.md).
  - Boundary markers: The skill does not define specific delimiters or provide instructions for the agent to ignore natural language commands embedded in the source code.
  - Capability inventory: The skill is designed to generate executable Python test code, including mocks for network operations, file systems, and databases using unittest.mock and pytest.
  - Sanitization: No input validation or sanitization is performed on the provided code to filter out potential injection attacks.
- [SAFE]: The skill utilizes well-known and trusted external libraries, including pytest, requests, and aiohttp, for its examples and generated code.
- [SAFE]: No evidence of hardcoded credentials, data exfiltration, persistence mechanisms, or obfuscated code was found in the analyzed files.