python-testing
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- COMMAND_EXECUTION (SAFE): The skill includes commands to run tests using `uv run pytest`. This is the standard and intended behavior for a testing utility and does not involve arbitrary or hidden command execution.
- DATA_EXPOSURE (SAFE): While the skill mentions environment variables and API keys, it uses generic placeholders (e.g., `test_key_123`) within a mocking context, which is a standard development practice and does not leak sensitive information.
- INDIRECT_PROMPT_INJECTION (INFO): The skill defines an execution surface where the agent runs code found in the project's `tests/` directory. While this is a high-privilege capability (code execution), it is the primary purpose of the skill. The risk is inherent to the task of testing and depends on the user's trust in the code being tested.
- EXTERNAL_DOWNLOADS (SAFE): The skill references standard, well-known Python tools such as `pytest` and `pytest-cov`. It does not attempt to download or execute scripts from untrusted or remote sources.
Audit Metadata