Skills
skills/generaljerel/chalk-skills/validate-test-coverage/Gen Agent Trust Hub

validate-test-coverage

Pass

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection because it ingests untrusted data from the local file system without adequate sanitization or boundary markers.
  • Ingestion points: Processes project documentation, user stories, and source code files from .chalk/docs/ and the codebase (SKILL.md).
  • Boundary markers: The workflow lacks explicit delimiters or instructions to ignore commands that might be embedded within the requirement documents or test files.
  • Capability inventory: The skill utilizes Read, Glob, and Grep tools to extract information from the filesystem.
  • Sanitization: No validation or filtering is applied to the ingested content to prevent the execution of malicious instructions found within data.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 18, 2026, 08:11 AM
Security Audit — agent-trust-hub — validate-test-coverage