testing
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill facilitates the execution of local shell commands to run tests, specifically using the project's detected package manager (e.g.,
pnpm run testorpnpm vitest run <file>). This is part of its core functionality for verifying test successes and debugging failures. - [PROMPT_INJECTION]: The skill contains an inherent indirect prompt injection surface because it reads and processes untrusted project source code to generate test cases. While no explicit malicious instructions were found in the skill itself, the lack of boundary markers for ingested code content is noted. Ingestion points: project source files (SKILL.md Step 1); Boundary markers: none; Capability inventory: shell command execution for test runners; Sanitization: none.
- [DATA_EXPOSURE]: The skill is instructed to scan local project configuration files, such as
package.jsonandvitest.config.ts, to detect the environment. These operations are performed locally to adapt to the project's existing conventions and do not involve external transmission of data.
Audit Metadata