unit-testing-test-generate

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the subprocess.run method to execute test commands and coverage tools. This execution path could be abused if the test_command variable is influenced by untrusted input.
  • [DATA_EXFILTRATION]: The skill accesses the local filesystem to read source code for analysis using the open() function. While necessary for its purpose, it allows reading of any file the agent has permissions for if the file path is manipulated.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it ingests untrusted source code and possesses execution capabilities.
    • Ingestion points: The _analyze_python method in SKILL.md reads source code files directly from the filesystem.
    • Boundary markers: No explicit delimiters or warnings to ignore instructions within the source code are implemented in the prompt generation logic.
    • Capability inventory: The skill can read local files (open) and execute system commands (subprocess.run).
    • Sanitization: There is no evidence of path validation or command sanitization to prevent directory traversal or command injection.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 1, 2026, 08:52 PM