pytest

Pass

Audited by Gen Agent Trust Hub on Feb 25, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits a vulnerability surface for indirect prompt injection because it is designed to read and process external codebase files.
      • Ingestion points: The skill utilizes 'Read', 'Glob', and 'Grep' tools to ingest file content from the local project environment.
      • Boundary markers: There are no explicit instructions or markers defined to ensure the agent ignores instructions embedded within the files it analyzes.
      • Capability inventory: The skill has permission to execute bash commands via 'Bash(pytest:)' and 'Bash(python:)', providing a path for potential exploitation if malicious instructions are followed.
      • Sanitization: No sanitization or validation is applied to the data ingested from the filesystem before processing.
  • [COMMAND_EXECUTION]: The skill includes Python scripts that dynamically generate code and execute system-level commands.
      • Evidence: 'scripts/generate_tests.py' parses source code using the AST module and writes new Python test files. 'scripts/run_tests.py' and 'scripts/check_coverage.py' use the subprocess module to execute 'pytest' and 'python' commands.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 25, 2026, 10:49 AM