ckvd-testing
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Bash tool to execute developer utilities including the pytest framework and the ruff linter. These operations are intended for local code verification and testing.
- [SAFE]: The skill provides an attack surface for indirect prompt injection by reading repository files and writing new test code. This is the primary function of the skill and is considered safe in its intended development context. Evidence:
  1. Ingestion points: Read, Grep, and Glob tools used on source files in the repository.
  2. Boundary markers: None.
  3. Capability inventory: Bash, Read, Grep, and Glob.
  4. Sanitization: None.
- [SAFE]: Integration tests described in the skill interact with well-known cryptocurrency exchange APIs (Binance, OKX), which is consistent with the library's documented purpose for market data analysis.
- [SAFE]: The provided shell script 'scripts/run_quick_tests.sh' utilizes security best practices such as 'set -euo pipefail' and proper variable quoting to ensure robust execution.