run-tests
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes 'npm run test' and 'git' commands (diff, status) to perform its core QA functions. These are standard local operations for the intended use case.
- [SAFE]: The skill does not access sensitive system files, hardcode credentials, or use external network connections. Its behavior is consistent with the provided description.
- [SAFE]: The skill's analysis of file paths for coverage mapping is a standard feature. While it represents a surface for indirect prompt injection, the risk is minimal and handled within the local scope.
  - Ingestion points: File names are ingested from 'git diff --name-only' and 'git status' output (SKILL.md, Step 2).
  - Boundary markers: The skill does not use specific boundary delimiters for the file analysis logic in Step 3.
  - Capability inventory: Capabilities are limited to running local test scripts and reading git metadata.
  - Sanitization: No sanitization is performed on file names before analysis.