testing-strategy
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFENO_CODEPROMPT_INJECTION
Full Analysis
- [SAFE]: No malicious patterns, obfuscation, or unauthorized network activity detected in the skill instructions or reference files.
- [NO_CODE]: The skill consists exclusively of Markdown documentation and instructions; it does not include any scripts or executable files.
- [INDIRECT_PROMPT_INJECTION]: The skill is designed to ingest and analyze untrusted project data (source code and configurations) which could theoretically contain malicious instructions. However, the risk is inherent to the functional purpose of a code-analysis tool and no specific exploits are present.
- Ingestion points: Project configuration files, dependency manifests, and source code (SKILL.md).
- Boundary markers: None explicitly defined to distinguish between project data and instructions.
- Capability inventory: File system read access and file writing for test generation (SKILL.md).
- Sanitization: None specified for handling content read from the project.
Audit Metadata