frontend-testing
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions include running shell commands such as
npx vitestandnpm run test-unitto validate the generated tests. These operations are essential for the skill's primary function of ensuring code quality through testing. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes user-provided source code to create tests. Malicious instructions hidden within components or hooks could theoretically influence the agent's output or execution steps.
- Ingestion points: Local source files for React components, hooks, and utilities.
- Boundary markers: None explicitly specified in the skill instructions to separate code from instructions.
- Capability inventory: Ability to write files and execute local shell commands through npm/npx.
- Sanitization: No explicit sanitization or filtering of input code is described.
Audit Metadata