test-case-documentation
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions involve executing `pytest` to gather test results and coverage data. This capability executes any Python code located in the project's test directory.
- [PROMPT_INJECTION]: The skill extracts docstrings and comments from test files and includes them in the generated documentation, creating a vulnerability to indirect prompt injection where malicious instructions in a test file could influence the agent's behavior.
  - Ingestion points: Python source files and test suites processed by `scripts/extract_tests.py` and read via `cat` or `grep`.
  - Boundary markers: Absent; the extracted text is directly inserted into markdown templates without delimiters or 'ignore' instructions.
  - Capability inventory: The skill utilizes `find`, `cat`, `grep`, and `pytest`, and executes an internal Python script to analyze code.
  - Sanitization: Absent; the script extracts docstrings and code comments without sanitizing or validating the content for potential injection patterns.
Audit Metadata