uv-pytest-unit-testing
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses shell scripts (
scripts/bootstrap_pytest_uv.shandscripts/run_pytest_uv.sh) to execute 'uv' and 'pytest' commands for environment setup and test execution. - [EXTERNAL_DOWNLOADS]: The scripts use 'uv' to download and install standard testing packages like 'pytest' and 'pytest-cov' from the Python Package Index (PyPI).
- [INDIRECT_PROMPT_INJECTION]: The skill implements a configuration loading mechanism that reads from repository-local paths (
.codex/profiles/uv-pytest-unit-testing/customization.yaml). While this is a potential ingestion point for untrusted data, the scripts strictly whitelist allowed configuration keys (e.g.,workspace_root,package,with_cov), effectively mitigating the risk of arbitrary command injection through configuration files.
Audit Metadata