add-tests
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses shell commands including
grep,find,pytest, andnpx vitestto discover project configurations and execute test suites on the local system. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because its workflow involves reading and processing untrusted project files.
- Ingestion points: Reads existing test files (Step 2) and target module source code (Step 3) to identify patterns and logic.
- Boundary markers: There are no defined boundary markers or instructions to the model to ignore potential instructions embedded within the code comments or strings of the analyzed files.
- Capability inventory: The skill possesses the ability to write new files to the filesystem and execute those files using system-level test runners like
pytestandvitestvianpx. - Sanitization: The workflow does not include a step to sanitize or escape the content of the ingested source files before they are used to prompt the LLM for test generation.
Audit Metadata