test-architect
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the 'uv' tool to execute internal Python scripts ('coverage-analyzer.py', 'edge-case-generator.py', and 'flaky-test-analyzer.py') for data processing. These scripts are local to the skill package and do not perform network operations. Additionally, the skill creates a temporary HTML file to display analysis results in a web browser.
- [PROMPT_INJECTION]: The skill analyzes untrusted data from external sources, creating a surface for indirect prompt injection.
- Ingestion points: The skill reads source code, coverage reports (JSON/LCOV), and test logs during analysis.
- Boundary markers: The instructions lack explicit boundary markers or directives to ignore instructions contained within the analyzed data.
- Capability inventory: The skill can execute commands via the agent to run analysis scripts and open the generated dashboard.
- Sanitization: While the dashboard template uses HTML escaping for data injection, there is no logic to sanitize or filter natural language instructions found in the analyzed files.
Audit Metadata