testing
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill defines commands to execute test suites using
pytestandcoverage(e.g.,pytest tests/unit/ -v). This is standard functionality for a testing skill and operates within the expected development environment. - [DATA_EXPOSURE]: The skill references sensitive files like
.envandtests/cred.py. It explicitly advises against committing secrets to version control and recommends using environment variables, which is a recognized security best practice for secret management. - [INDIRECT_PROMPT_INJECTION]: The skill has a surface for indirect prompt injection as it executes code within the
tests/directory. - Ingestion points: The agent reads and executes files from the local
tests/directory. - Boundary markers: None present for the code being executed.
- Capability inventory: Shell command execution via
pytestandcoverage(SKILL.md). - Sanitization: No sanitization is performed on the test scripts before execution.
- Analysis: Since this risk is inherent to the primary purpose of the skill (testing code) and the skill includes hygiene warnings, the risk is considered acceptable for its intended use case.
Audit Metadata