coverage-report-analyzer
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill possesses an attack surface for indirect prompt injection as it is designed to process untrusted external data in the form of test coverage reports.
  - Ingestion points: Test coverage reports (e.g., from Jest or Pytest) ingested into the agent context via the Read tool (implied by file: SKILL.md).
  - Boundary markers: Absent; there are no defined delimiters or specific instructions to the agent to disregard instructions embedded within the reports.
  - Capability inventory: The skill allows the use of high-privilege tools including Bash, Write, and Edit across all operations.
  - Sanitization: No evidence of input validation, escaping, or sanitization of report content is provided in the skill definition.
Audit Metadata