test-coverage
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands to sync the repository via git and to run test coverage analysis tools, including jest, vitest, pytest, go test, and cargo tarpaulin. These are standard tools for the supported software ecosystems.
- [EXTERNAL_DOWNLOADS]: Uses npx to execute JavaScript testing frameworks, which may download the packages if they are not already installed in the local environment. It also references cargo tarpaulin, which may require installation.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes untrusted project source files and coverage report data to identify test gaps and generate new code.
- Ingestion points: Project source code files and coverage report outputs (JSON and text formats) from SKILL.md Step 1.
- Boundary markers: None identified; the agent is instructed to read files directly into context.
- Capability inventory: The skill has shell execution capabilities (via git and test runners) and file system write access (to create or modify test files).
- Sanitization: No explicit sanitization or validation of the content of the analyzed files is described.
Audit Metadata