unit-testing-test-generate
Warn
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The CoverageAnalyzer class in SKILL.md contains a method analyze_coverage that passes the variable test_command to subprocess.run. This pattern presents a command injection risk if the command string or its arguments are derived from untrusted input, allowing for the execution of arbitrary shell commands.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it parses and processes untrusted data from source code files to generate tests.
  - (1) Ingestion points: The _analyze_python method in SKILL.md reads content from external file paths via the open() function.
  - (2) Boundary markers: The skill does not use delimiters or provide instructions to the agent to ignore instructions embedded within the analyzed source code (e.g., in docstrings).
  - (3) Capability inventory: The skill possesses file system read access and the ability to execute subprocesses via the CoverageAnalyzer class.
  - (4) Sanitization: No sanitization or validation is performed on the data extracted from source files (such as function metadata or docstrings) before it is included in the context for test generation.