unit-testing-test-generate
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The CoverageAnalyzer class utilizes subprocess.run to execute a test_command argument. This pattern is vulnerable to command injection if the command or its parameters are derived from untrusted input or manipulated project configuration.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection.
  - Ingestion points: The skill reads local source files via open(file_path) and processes them using the ast module in the TestGenerator class.
  - Boundary markers: No delimiters or specific instructions are provided to the agent to distinguish between its system instructions and the untrusted code content being analyzed.
  - Capability inventory: The skill includes methods for system command execution (subprocess.run) and is designed to generate executable code templates for various languages.
  - Sanitization: No validation or sanitization of the content extracted from the source files is performed before it is used for test generation logic.