test
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it analyzes external source code to generate tests.
- Ingestion points: The skill uses
ReadandGreptools to ingest user-provided source code files from the local filesystem. - Boundary markers: There are no explicit instructions or delimiters to ignore or sanitize embedded instructions within the code being analyzed.
- Capability inventory: The skill utilizes
Writeto save generated test files andBashto execute testing frameworks (pytest, jest, coverage). - Sanitization: The skill lacks sanitization or validation of the input code before it is processed or used to generate executable test scripts.
- [COMMAND_EXECUTION]: The skill provides instructions to execute shell commands for test coverage and execution.
- Evidence: The documentation explicitly guides the agent to use
Bashfor runningpytest,coverage,jest, andnpm testcommands. While these are standard developer operations, they represent the execution of potentially complex code structures generated from user input.
Audit Metadata