The Agent Skills Directory

[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) as it processes external, potentially attacker-controlled test files.
Ingestion points: The scripts/semantic_analyzer.py script parses Python files in the tests/ directory using the ast module, and scripts/coverage_analyzer.py loads coverage data from JSON files.
Boundary markers: The skill lacks explicit boundary markers or system instructions to ignore instructions embedded within the test code or comments being analyzed.
Capability inventory: The skill possesses the capability to execute shell commands via subprocess.run within scripts/coverage_analyzer.py.
Sanitization: No validation or sanitization is performed on the test file content or filenames before they are processed or used in command execution.
[COMMAND_EXECUTION]: The scripts/coverage_analyzer.py script implements a run_coverage_for_test method that uses subprocess.run to execute arbitrary strings as commands. While this is used for the intended purpose of running test suites (e.g., via pytest), it represents a powerful capability that could be exploited if an attacker can influence the command string through indirect injection in test files or metadata.

test-deduplicator