python-testing-patterns

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • Prompt Injection (SAFE): The skill contains instructional content and code examples for software testing. No attempts to override agent behavior or bypass safety filters were found.
  • Data Exposure & Exfiltration (SAFE): No hardcoded credentials or sensitive file paths were detected. Examples use in-memory databases (sqlite:///:memory:) and generic placeholders for testing purposes.
  • Obfuscation (SAFE): No encoded strings, zero-width characters, or hidden payloads are present in the documentation or code snippets.
  • Unverifiable Dependencies & Remote Code Execution (SAFE): The skill references well-known, reputable Python packages (pytest, pytest-cov, hypothesis) and uses trusted GitHub Actions (actions/setup-python, astral-sh/setup-uv). No piped remote script execution or untrusted source downloads were found.
  • Privilege Escalation & Persistence (SAFE): The content is restricted to testing logic and environment configuration. No commands involving sudo, system-level persistence, or unauthorized permission changes are present.
  • Indirect Prompt Injection (LOW): As a documentation skill, it facilitates the processing of user code. While it demonstrates how to handle external data (e.g., API responses, databases), it emphasizes best practices like mocking and isolation, which mitigate risks. Boundary markers like docstrings and AAA patterns are consistently used in examples.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 06:43 PM