Skills
skills/dokhacgiakhoa/antigravity-ide/unit-testing-test-generate/Gen Agent Trust Hub

unit-testing-test-generate

Warn

Audited by Gen Agent Trust Hub on Apr 8, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The CoverageAnalyzer class in sub-skills/5-coverage-analysis-and-gap-detection.md uses subprocess.run to execute a command string (test_command) provided during the analysis phase. If this command is influenced by untrusted input, it could lead to arbitrary command execution on the host system.\n- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes local source files to generate tests. Maliciously crafted content within these files could manipulate the agent's logic during the test generation process.\n
  • Ingestion points: sub-skills/1-analyze-code-for-test-generation.md reads local files via open(file_path).\n
  • Boundary markers: None identified; source code is parsed directly into an Abstract Syntax Tree (AST).\n
  • Capability inventory: File system access, command execution, and dynamic code generation.\n
  • Sanitization: No validation or sanitization of the input source code is performed before it is used to drive test generation logic.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 8, 2026, 01:54 PM