writing-dev-server-tests
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE] (SAFE): No security issues detected. The skill uses local utilities (
../bake-harness) and targets a specific internal directory (test/bake/) for development server testing. - [Indirect Prompt Injection] (SAFE): The skill facilitates the ingestion of file content as part of a testing configuration, which is a common pattern for Dev Server tests.
- Ingestion points: The
filesproperty indevTestcalls withinSKILL.md. - Boundary markers: Absent, as content is treated as literal file data for the test environment.
- Capability inventory: File mutations (
dev.write,dev.patch,dev.delete), HTTP fetching (dev.fetch), and client environment spawning (dev.client) as documented inSKILL.md. - Sanitization: Not present, but risks are mitigated by the intended use case of local testing where the developer controls the test definitions.
- [Dynamic Execution] (SAFE): The skill explicitly describes writing and executing code for the purpose of testing a development server's Hot Module Replacement (HMR) capabilities. This behavior is standard for its primary purpose.
Audit Metadata