test-detect
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local testing commands including
npx,python -m pytest,go test,cargo test,mix test, andbundle exec rspec. This is the primary intended function of the skill. - [COMMAND_EXECUTION]: The skill interpolates user-provided file paths from arguments into shell commands to run specific tests. While this is a common pattern for CLI wrappers, it relies on the underlying agent environment to handle path sanitization.
- [PROMPT_INJECTION]: The skill has an indirect injection surface in Step 5 where it reads and analyzes source code content to generate new test files. Instructions embedded in source code comments could potentially influence the test generation logic.
- Ingestion points: Reads source files (e.g.,
src/utils.ts) via argument parsing. - Boundary markers: None explicitly defined in the skill instructions to separate code content from instructions.
- Capability inventory: Executes subprocesses (
npx,pytest, etc.) and performs file write operations to save generated tests. - Sanitization: No explicit sanitization or filtering of source code content is described before processing.
Audit Metadata