Skills
skills/ldayton/dippy/check-coverage/Gen Agent Trust Hub

check-coverage

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill performs dynamic command execution by running the tool specified in $ARGUMENTS with --help and through the man utility to gather documentation.
  • [COMMAND_EXECUTION]: It utilizes the just command runner to execute test suites (just test) and verification checks (just check) after modifying local source code.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it ingests untrusted data from tool help outputs, man pages, and local tldr files. Ingestion points: Documentation gathered from $ARGUMENTS --help, man, and tldr pages (SKILL.md). Boundary markers: Absent. Capability inventory: Writing to source files in src/dippy/cli/ and executing code via just (SKILL.md). Sanitization: None. Content from these untrusted documentation sources could potentially influence the agent during the code implementation and testing steps.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 5, 2026, 08:51 AM