Skills
skills/laurigates/claude-plugins/code-test-quality/Gen Agent Trust Hub

code-test-quality

Pass

Audited by Gen Agent Trust Hub on Apr 14, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and analyzes the content of local test files which are considered untrusted data. Maliciously crafted test cases, comments, or test names could contain instructions designed to mislead the agent during its analysis.
  • Ingestion points: Test files identified via Glob and find, then processed using Read and Grep (SKILL.md Step 2).
  • Boundary markers: None specified to differentiate between test code and instructions.
  • Capability inventory: Execution of shell commands via Bash (test runners) and file modification via TodoWrite.
  • Sanitization: No sanitization or validation of the file content is performed before analysis.
  • [COMMAND_EXECUTION]: The skill uses dynamic context injection (!command) to gather information about the project environment at load time. While the specific commands used are benign discovery tools, this mechanism executes shell commands automatically when the skill is accessed.
  • Evidence: !find . -type f ... and !find . -maxdepth 2 ... in the Context section of SKILL.md.
  • [COMMAND_EXECUTION]: The skill explicitly utilizes the Bash tool to run various test frameworks (vitest, jest, pytest, cargo test). This is the intended primary purpose of the skill for analyzing test quality and coverage.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 14, 2026, 01:23 PM