Skills
skills/mehdic/cdc/test-pattern-analysis/Gen Agent Trust Hub

test-pattern-analysis

Pass

Audited by Gen Agent Trust Hub on Jun 21, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted data from the user's project files.
  • Ingestion points: The script analyze_tests.py recursively searches and reads the contents of test files (e.g., .py, .js, .go, .java) and configuration files (e.g., conftest.py, package.json, pytest.ini) via the find_test_files and analyze_test_file functions.
  • Boundary markers: There are no markers or explicit instructions provided to the calling agent in SKILL.md to ignore instructions that might be embedded within the project files being analyzed.
  • Capability inventory: The skill is configured with Bash and Read tool access in SKILL.md, allowing it to run local scripts and read any file in the project.
  • Sanitization: The extraction logic in patterns.py (e.g., extract_pytest_fixtures) uses regular expressions to capture docstrings and fixture names directly from source code and includes them in the analysis summary without sanitization or escaping.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 21, 2026, 03:30 AM
Security Audit — agent-trust-hub — test-pattern-analysis