project-test-loop

Pass

Audited by Gen Agent Trust Hub on Apr 21, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill dynamically identifies and executes test commands from project configuration files such as package.json, Makefile, and others. This could lead to the execution of malicious scripts if the project files themselves are untrusted.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8). It parses and analyzes test output and source code to decide on implementation fixes and refactorings.
    • Ingestion points: Test failure output from the Bash tool and file content read via the Read tool.
    • Boundary markers: None specified; the agent is instructed to parse raw output.
    • Capability inventory: The skill uses Bash for command execution and Edit for file modification.
    • Sanitization: No explicit sanitization or validation of the test output is described before the agent acts upon it. Maliciously crafted test output or comments in source code could potentially influence the agent's behavior during the fix/refactor phases.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 21, 2026, 01:18 AM