test-review
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill executes local shell commands such as 'npm test', 'pytest', and 'rspec' to verify test results. This is the intended behavior for a test review skill but involves running code defined in the local environment.- [PROMPT_INJECTION] (LOW): (Category 8: Indirect Prompt Injection) The skill lacks safeguards against malicious instructions embedded within the test files or configurations it processes.
- Ingestion points: Local test files, source code, and project configuration files (e.g., package.json).
- Boundary markers: Absent. No instructions are provided to distinguish between data (code) and instructions.
- Capability inventory: File system read access and shell command execution.
- Sanitization: Absent. File contents are analyzed directly without sanitization.
Audit Metadata