migrate-to-rstest
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands to automate development tasks, specifically package installation using 'npx -y @antfu/ni install' and running the 'rstest' test runner for verification and snapshot updates. These commands are essential for the migration workflow.
- [EXTERNAL_DOWNLOADS]: The skill downloads and executes the '@antfu/ni' utility from the npm registry via npx to manage dependencies across different package managers.
- [PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection as it reads and processes untrusted user test files and project configurations.
  1. Ingestion points: Test files and configuration files (e.g., package.json, jest.config.*) identified during the detection phase.
  2. Boundary markers: No explicit delimiters or ignore-instructions are defined for the data read.
  3. Capability inventory: The skill can execute shell commands via npx and the rstest binary.
  4. Sanitization: No sanitization of code content is performed before processing.