sc-test
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes system-level test runners including pytest, npx jest, and go test, which execute code within the repository to evaluate test suites.
- [REMOTE_CODE_EXECUTION]: The test generation feature implements a write-and-execute pattern where the agent writes new test scripts to the filesystem and runs them to verify coverage, representing a high-capability operation.
- [DATA_EXFILTRATION]: Integrations with Slack and Jira via the Rube MCP allow the skill to transmit test metrics, reports, and status updates to external platforms.
- [PROMPT_INJECTION]: The --query flag accepts user input for a web search tool, creating a surface for injection. Additionally, the skill processes untrusted local source code and test outputs to generate logic, posing an indirect injection risk.
  - Ingestion points: local source code and test output.
  - Boundary markers: none specified to separate data from instructions.
  - Capability inventory: file writing, command execution, and external communication.
  - Sanitization: no validation of generated code is mentioned prior to execution.
- [EXTERNAL_DOWNLOADS]: The use of npx jest may trigger the download of external packages from the NPM registry if they are not already cached locally.