contract-testing

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • Category 2: Data Exposure & Exfiltration (SAFE): The skill handles authentication for the Pact Broker correctly by using environment variables (PACT_BROKER_TOKEN) and CI secrets. It includes a security checklist specifically advising against including sensitive data in contract files.
  • Category 4: Unverifiable Dependencies (SAFE): Relies on standard, well-known testing libraries such as pact-python and pytest. The use of the pact-broker CLI is standard for this testing methodology.
  • Category 5: Privilege Escalation (SAFE): No use of sudo or other privilege-escalation commands was detected. Commands are restricted to standard testing and deployment operations.
  • Category 8: Indirect Prompt Injection (LOW): The templates use placeholders for user-provided names (e.g., CONSUMER_NAME). While these are points of ingestion for user data into generated scripts, the risk is mitigated by the intended developer-facing use case and the absence of high-risk automated execution of these scripts within the skill itself.
  • Category 10: Dynamic Execution (SAFE): The provider state manager uses a dictionary mapping to dispatch method calls based on string identifiers. This is a standard and safe implementation of the Pact Provider States pattern and does not involve eval() or untrusted code execution.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:07 PM