testing-review
Pass
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill uses a hardcoded absolute file path `/Users/zbeyens/git/plate/.coverage-repo-YYYY-MM-DDx` in its coverage command. This exposes information about the author's local system environment, specifically the username and directory structure.
- [COMMAND_EXECUTION]: The skill invokes shell commands including `bun test`, `pnpm test:profile`, `pnpm test:slowest`, and `rg`. These operations are standard for the skill's purpose but involve executing code and configurations present in the repository being audited.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it analyzes external repository data to determine testing priorities and scoring.
  1. Ingestion points: Repository source files, test files, and coverage data.
  2. Boundary markers: No delimiters or instructions are used to isolate or ignore embedded instructions in the untrusted content.
  3. Capability inventory: Shell command execution (`bun`, `pnpm`, `rg`) and file system write access to `docs/plans/`.
  4. Sanitization: No validation or sanitization is performed on the ingested data before the agent processes it for decision-making.
Audit Metadata