project-test-loop

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • COMMAND_EXECUTION (LOW): The skill dynamically detects and executes test commands (e.g., npm test, pytest, cargo test) based on project files like package.json or Makefile. In an adversarial context, a malicious repository could define dangerous commands in these files that would be executed by the agent via the Bash tool.
  • PROMPT_INJECTION (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8). It ingests and parses the output of test commands to identify fixes and refactoring opportunities.
      • Ingestion points: Failure output and assertion results from Bash command execution.
      • Boundary markers: Absent. The skill does not specify delimiters or instructions to ignore embedded commands in the test output.
      • Capability inventory: Read, Edit, and Bash tools allow for file system modification and further command execution.
      • Sanitization: Absent. There is no logic mentioned for escaping or validating the content of the test output before it is processed by the LLM logic.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 06:40 PM