ai-test-generation
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements a robust, security-conscious workflow for test generation, prioritizing traceability and human oversight at every stage.
- [PROMPT_INJECTION]: The skill processes untrusted external data, which constitutes an indirect prompt injection surface as per Category 8 requirements:
- Ingestion points: Untrusted sources such as PRDs, user stories, code diffs, bug reports, and API schemas are ingested during the requirements extraction phase (Step 1).
- Boundary markers: Prompt templates in references/prompt-patterns.md utilize triple-dash (---) delimiters to encapsulate external content and separate it from instructions.
- Capability inventory: The skill is designed to guide an agent in generating test code for frameworks like Playwright, Jest, and pytest, which interact with local and environment-specific resources.
- Sanitization: While no automated input filtering is specified, the workflow mandates a comprehensive human review (Step 7) as a final gate for all generated code, which is an effective control for the intended use case.
Audit Metadata