analyzing-test-coverage
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill is designed to read, analyze, and write test files and interpret test execution output. This creates a vulnerability surface where malicious instructions embedded in codebase comments or crafted into test failure messages could potentially influence the agent's behavior.
- Ingestion points: Project source code, test files (`*.test.ts`), and standard output/error from the `pnpm test` command.
- Boundary markers: Absent; the skill does not instruct the agent to use specific delimiters or ignore instructions found within the files it analyzes.
- Capability inventory: The skill has permissions for file modification (`Write`, `Edit`) and restricted shell execution (`Bash(pnpm test:*)`).
- Sanitization: There is no evidence of sanitization or filtering of external content before it is interpolated into the agent's context.
Audit Metadata