refactoring-codeceptjs-tests
Pass
Audited by Gen Agent Trust Hub on May 23, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes untrusted external data (test files and project configuration) to guide its logic and command generation.
- Ingestion points: Reads files from the
testsdirectory,custom_steps.js, and project configuration files via thecodeceptjs-fundamentalsskill. - Boundary markers: The skill lacks explicit boundary markers or instructions to disregard embedded commands in the files it analyzes.
- Capability inventory: Possesses the ability to write to the file system (applying refactors) and execute shell commands (
npx codeceptjs run). - Sanitization: No explicit sanitization of file content is described; however, the workflow mandates that the agent 'proposes changes first' and 'applies after approval', providing a human-in-the-loop safeguard.
- [COMMAND_EXECUTION]: The skill executes shell commands using the
npxutility to run tests. While standard for this workflow, the arguments (grep patterns for scenarios/features) are derived from the project context, which could potentially be manipulated if scenario names in analyzed files contain shell metacharacters.
Audit Metadata