Skills
skills/sirn/dotfiles/code-generate-tests/Gen Agent Trust Hub

code-generate-tests

Pass

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes Jujutsu (jj diff) and Grep commands to analyze the local repository for changes and untested code paths as specified in Step 1 and Step 3 of the process description.
  • [COMMAND_EXECUTION]: The skill generates test code and executes it using a test skill, performing runtime execution of code generated by the agent during the task.
  • [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection because it processes untrusted source code from the project to generate test logic.
  • Ingestion points: Project source code and diffs are read into the agent's context using jj and Grep commands in SKILL.md and SUBAGENT.md.
  • Boundary markers: No explicit delimiters or instructions are provided to the agent to treat code comments or strings as non-executable data during the generation phase.
  • Capability inventory: The skill can execute shell commands (jj, Grep) and run arbitrary code via the test skill interface.
  • Sanitization: There are no defined steps to sanitize or validate the project's source code before it is used as input for test generation.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 3, 2026, 03:07 AM