full-coverage
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: No direct prompt injection, system prompt extraction, or safety filter bypass instructions were found.\n- [COMMAND_EXECUTION]: The skill utilizes legitimate test runners including Vitest and Playwright to execute generated test code locally. These commands are essential to the skill's function and target well-known, trusted binaries.\n- [INDIRECT_PROMPT_INJECTION]: The skill reads project source code to inform test generation. While this presents an ingestion surface for untrusted data, the skill's internal logic is highly structured and limited to producing test code according to fixed templates, minimizing the risk of prompt manipulation via source code.\n- [DYNAMIC_EXECUTION]: Test scripts are generated and executed at runtime. The skill implements safety measures such as unique test data generation and automated cleanup in afterEach hooks to ensure stable and isolated execution, adhering to best practices for automated testing.
Audit Metadata