smart-test
Warn
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill generates and suggests shell commands (e.g.,
pytest [selected_tests]) where[selected_tests]is a list of file paths retrieved viagit diffand import scanning. If the repository contains files with shell metacharacters in their names (e.g.,; rm -rf / ;.py), the generated command would execute unintended operations if run by the agent or user without further sanitization. - [DATA_EXFILTRATION]: The skill accesses and manages data files within the
.claude/data/test-mapping/and~/.amplihack/directories. While primarily used for caching test mappings and reliability scores, accessing the home directory is a sensitive operation that can lead to data exposure.
Audit Metadata