coverage
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the Bash tool restricted to
npm test:*commands to execute local test suites and generate coverage reports. - [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection (Category 8) through the analysis of project files.
- Ingestion points: Project source code and configuration files are read via Read, Grep, and Glob tools.
- Boundary markers: None. No instructions are provided to delimit analyzed content or ignore embedded commands.
- Capability inventory: File system access (Read, Grep, Glob) and restricted shell command execution (Bash).
- Sanitization: None. File content is processed without filtering.
- [SAFE]: References documentation from the author's official GitHub repository (github.com/AsiaOstrich/universal-dev-standards) for testing standards.
Audit Metadata