automate-test-cases
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFE
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands using 'npx' to run test suites and verify the stability of generated code. These operations are managed via SKILL.md and scripts/post-hook.sh.
- [REMOTE_CODE_EXECUTION]: The skill generates automated test scripts from manual input and executes them at runtime to confirm they pass. This dynamic execution is essential for the test automation workflow and is performed locally.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes manual test cases provided by the user or extracted from source code comments to generate executable code.
  - Ingestion points: Manual test cases are retrieved from user prompts or source file comments in SKILL.md Step 2.0.
  - Boundary markers: There are no explicit delimiters or instructions provided to the agent to distinguish between test steps and potential malicious instructions within the input data.
  - Capability inventory: The skill can write files and execute arbitrary shell commands through its test verification workflow (SKILL.md Step 4.1 and scripts/post-hook.sh).
  - Sanitization: No validation or sanitization of the input manual test cases is mentioned before they are used to drive the code generation process.
Audit Metadata