The Agent Skills Directory

[COMMAND_EXECUTION]: The skill executes multiple system commands and language-specific test runners based on automatic project detection.
Evidence: scripts/coverage.sh and scripts/coverage.ps1 execute pytest, npm test, go test, mvn, and gradle.
Evidence: Executes a Python snippet to query a local SQLite database (bazinga/bazinga.db) for session IDs.
Evidence: Executes an external Python script from a sibling skill (.claude/skills/bazinga-db/scripts/bazinga_db.py) to persist coverage reports.
[EXTERNAL_DOWNLOADS]: The skill automatically installs missing testing dependencies from well-known public registries if they are not detected in the environment.
Evidence: scripts/coverage.sh calls pip install pytest pytest-cov when Python is detected but coverage tools are missing.
Evidence: scripts/coverage.ps1 performs similar logic using pip install on Windows environments.
[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it executes test suites on user-provided project code, which could contain malicious code designed to influence the agent via test outputs.
Ingestion points: Test files and project source code processed by scripts/coverage.sh during coverage runs.
Boundary markers: None; the skill executes local project code via bash/powershell without explicit separation or warnings to ignore embedded instructions.
Capability inventory: The skill utilizes the Bash tool to execute arbitrary code and the Read tool to access the filesystem.
Sanitization: No validation or sanitization of project code or test output is performed before the agent processes the coverage summary.

test-coverage