test
Pass
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the Bash tool to run validation scripts like linting, type checking, and unit tests. This behavior is expected for a skill designed to validate implementation before commits or reviews.
- [INDIRECT_PROMPT_INJECTION]: The skill processes project configuration files to identify and execute test runners, which creates an attack surface if an attacker has modified the repository's configuration. Ingestion points: The skill reads package.json, pyproject.toml, and other project files via the Read tool. Boundary markers: There are no specific instructions to the agent to ignore potentially malicious instructions embedded within the processed data. Capability inventory: The skill has access to the Bash, Read, and Glob tools. Sanitization: No sanitization or validation of the commands extracted from the project configuration is specified before execution.
Audit Metadata