testing-cicd-init
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill configures the installation of standard, well-known testing libraries (vitest, @testing-library/react, supertest) from official registries. It also incorporates official GitHub Actions (actions/checkout, oven-sh/setup-bun) and the Codecov action in generated CI workflows.
- [COMMAND_EXECUTION]: The skill uses shell commands via the Bun package manager to install dependencies and execute test suites. These commands are standard for project initialization and local development workflows.
- [SAFE]: Hardcoded connection strings like 'mongodb://localhost:27017/test' found in the test setup templates are standard for local development environments and do not represent a credential leak.
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface Analysis:
- Ingestion points: The skill reads project metadata from
package.jsonand directory structures. - Boundary markers: Absent; the skill relies on the agent's internal logic to parse project files.
- Capability inventory: Includes file system writes (template creation) and package installation commands.
- Sanitization: No explicit sanitization of project metadata is performed, but the risk is low as the agent uses this data only for structural project detection.
- Verdict: The surface for indirect injection is minimal and confined to project initialization tasks.
Audit Metadata