test-generator
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill facilitates the installation of standard development and testing dependencies, specifically @cucumber/cucumber, @playwright/test, axios, and chai, from the official npm registry. These are well-known, trusted packages used extensively in the developer community.
- [COMMAND_EXECUTION]: The instructions include routine shell commands for initializing a testing environment, such as creating directory structures and generating configuration files via cat. These operations are standard for development workflows and do not involve unauthorized privilege escalation, persistence mechanisms, or hidden background processes.
- [PROMPT_INJECTION]: The skill processes user-provided feature requirements to generate code and documentation. This functionality presents an inherent surface for indirect prompt injection common to code generation tools; however, the risk is mitigated by the skill's use of structured Gherkin templates which enforce a specific output format.
  - Ingestion points: Acceptance criteria and feature descriptions provided by the user in the context of SKILL.md.
  - Boundary markers: Structural Gherkin keywords (Feature, Scenario, Given, When, Then) act as delimiters for the generated content.
  - Capability inventory: Capability to generate TypeScript code, shell commands for test execution, and CI/CD configuration files (GitHub Actions YAML).
  - Sanitization: No explicit output sanitization or dynamic input validation is implemented within the skill's prompt logic.
Audit Metadata