run-tests

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE [COMMAND_EXECUTION] [PROMPT_INJECTION]
Full Analysis
  • [COMMAND_EXECUTION] (SAFE): The skill facilitates the execution of local test suites via poetry run pytest and npm run test. These are standard developer operations and do not involve high-risk patterns like downloading external scripts or privilege escalation.
  • [PROMPT_INJECTION] (LOW): An Indirect Prompt Injection surface is present in the Phase 2 failure analysis step.
      • Ingestion points: Test failure logs and error messages are read by the agent to perform root cause analysis.
      • Boundary markers: Absent; there are no explicit delimiters or instructions provided to the analyzers to ignore embedded instructions within logs.
      • Capability inventory: The agent can execute local commands for testing and analysis.
      • Sanitization: Absent; the skill does not validate or sanitize test output before passing it to the parallel analyzers.
    An attacker with control over test files or error messages could potentially influence the analysis phase.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:10 PM