test-guided-migration-assistant
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill ingests test output from a file (test_output.txt) to analyze failures and propose fixes. This creates a surface for indirect prompt injection where malicious content in a codebase's test output could influence the agent's code generation logic.
- Ingestion points: The test_output.txt file is read by the analyzer script and the agent.
- Boundary markers: There are no explicit delimiters or instructions to ignore embedded commands within the test output.
- Capability inventory: The skill can execute shell commands (npm, pip, git, test runners) and modify the local filesystem.
- Sanitization: No sanitization or filtering of the test output is performed before processing.
- [COMMAND_EXECUTION]: The skill's workflow involves executing various system commands to run tests (pytest, jest), update packages (npm, pip), and manage version control (git). It also executes its own local analysis script (analyze_test_failures.py).
- [EXTERNAL_DOWNLOADS]: The skill automates the installation and updating of external libraries and frameworks via standard package managers like npm and pip.
Audit Metadata