run-tests
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill processes test failure outputs in Phase 2 for analysis, creating a surface for indirect prompt injection if the output contains malicious instructions.\n
- Ingestion points: Test failure logs, tracebacks, and stdout/stderr from
pytestandnpm testare ingested into the agent context.\n - Boundary markers: Absent. The skill does not define specific delimiters or instructions for the analyzer agents to ignore content within the logs.\n
- Capability inventory: The skill executes shell commands (
poetry run pytest,npm run test) and manages file-based reporting.\n - Sanitization: Absent. Raw test output is processed directly for failure analysis.\n- Command Execution (SAFE): The skill executes standard test runners within specific directories. This is the primary intended purpose of the skill and does not involve elevated privileges or suspicious network calls.
Audit Metadata