pytest Test Framework
Warn
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, REMOTE_CODE_EXECUTION)
Full Analysis
- Dynamic Execution (MEDIUM): The script `generate-test.py` creates Python test files by interpolating the `--description` and `--source` arguments directly into a code template. The interpolation in `def test_{description...}` and the docstring `"""Test: {description}"""` only replaces spaces with underscores. It does not escape quotes, colons, or newline characters. An attacker-controlled description could break out of the intended function or docstring context to define additional malicious functions or execute arbitrary code when the file is later run by the agent.
- Indirect Prompt Injection (LOW): This skill exposes a significant attack surface for indirect injection.
  - Ingestion points: The `--description` parameter in `generate-test.py` is intended to receive natural language descriptions of bugs or features, which may originate from untrusted external sources like GitHub issues or bug reports.
  - Boundary markers: None. The input is directly interpolated into a Python script template.
  - Capability inventory: `run-test.py` executes the generated code using `pytest` via `subprocess.run` (Category 10/Command Execution).
  - Sanitization: Minimal (space-to-underscore replacement only in the function name, none in the docstring).
- Command Execution (LOW): `run-test.py` executes the `pytest` command. While it uses a list-based `subprocess.run` call that avoids shell injection, it is designed to execute the code generated by `generate-test.py`, facilitating the execution of any injected payloads.
Audit Metadata