running-tests
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands to run tests based on detected frameworks. This is the primary function of the skill but involves running code defined in the repository.
- [PROMPT_INJECTION]: The skill captures output from test execution and writes it to a JSON checkpoint file. This creates a surface for indirect prompt injection if the test output contains malicious instructions that are later processed by the agent.
- Ingestion points: Step 2 and 3 capture output from various test commands into /tmp/test-output.txt.
- Boundary markers: No delimiters or sanitization are applied to the captured output.
- Capability inventory: The skill has the ability to execute shell commands and modify the filesystem.
- Sanitization: No sanitization is performed on the test output before it is included in the checkpoint file.
Audit Metadata