Skills
skills/pauloviccs/viccs_antigravity_skillscreator/testing-patterns/Gen Agent Trust Hub

testing-patterns

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/test_runner.py executes system commands such as npm test, pytest, jest, and vitest using subprocess.run. Although it uses argument lists to prevent shell injection, it executes the logic defined within the project's scripts.
  • [EXTERNAL_DOWNLOADS]: The use of npx for executing vitest or jest may trigger downloads of these packages from the npm registry if they are not available locally. As npm is a well-known service, this is documented as a standard functional behavior.
  • [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection via the processing of untrusted project configuration files.
  • Ingestion points: Reads package.json, pyproject.toml, and requirements.txt from the target project directory.
  • Boundary markers: No specific delimiters or instructions are used to ignore embedded commands within the ingested data files.
  • Capability inventory: Subprocess execution is performed across Node.js and Python environments via scripts/test_runner.py.
  • Sanitization: Uses list-based subprocess calls to mitigate shell injection, but does not validate or sanitize the contents of the scripts being executed.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 1, 2026, 01:34 AM