test-health
Pass
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill can execute project-defined test and coverage commands (e.g., `npm run coverage`, `pytest`) when the `--collect` flag is explicitly used in Full Mode. This is a standard and documented feature of the development utility.
- [DATA_EXPOSURE]: Historical test metrics are persisted in the `.claude/cache/test-health/` directory. This is used solely for computing trend deltas and remains within the local project environment.
- [INDIRECT_PROMPT_INJECTION]: The skill processes external data including test runner output (stdout) and coverage artifacts (LCOV, XML, JSON).
  - Ingestion points: Reads coverage files and test runner output from the repository environment.
  - Boundary markers: Data is parsed into structured metrics and presented in Markdown tables; the parsing logic itself acts as a filter.
  - Capability inventory: Includes execution of restricted bash commands (git, npm, cargo, etc.) and the ability to trigger other agent skills like `/check-coverage`.
  - Sanitization: Extraction logic uses specific regular expressions and strict JSON/numeric parsing to convert raw text into quantitative metrics, effectively neutralizing potential embedded instructions.
Audit Metadata