test-report
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is designed for informational purposes, reading existing test artifacts without execution. It demonstrates a security-conscious approach by restricting the 'Bash' tool to 'git' subcommands, effectively limiting the risk of arbitrary command execution.
- [DATA_EXFILTRATION]: The skill identifies and reads from various standard test cache locations (e.g., .pytest_cache, node_modules/.vitest/, coverage.out). This activity is scoped to the project environment and is necessary for providing test health summaries. No suspicious network activities or exfiltration patterns were detected.
- [PROMPT_INJECTION]: The skill ingests data from external sources (locally generated test reports), which constitutes an indirect prompt injection surface.
- Ingestion points: Multiple cache directories and report files as defined in SKILL.md (e.g., Jest coverage, Go coverage.out).
- Boundary markers: None specified in the behavior instructions to delimit external file content from agent instructions.
- Capability inventory: Access to 'Read', 'Glob', and restricted 'Bash' tools within the repository context.
- Sanitization: No explicit sanitization or validation of the ingested cache data is performed before parsing.
Audit Metadata