skills/shihyuho/skills/cover-branches/Gen Agent Trust Hub

cover-branches

Pass

Audited by Gen Agent Trust Hub on May 7, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Executes git diff in Phase 1 to identify changed source and test files within the repository.
  • [COMMAND_EXECUTION]: Infers and runs test commands (e.g., via package.json or Makefile) in Phase 3 to verify the generated tests, which involves executing arbitrary shell commands determined by local project configuration.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from source and specification files during Phase 2.
      • Ingestion points: Reads local files identified by git diff or user input in Phase 2.
      • Boundary markers: None identified to separate instructions from code/spec content.
      • Capability inventory: Executes shell commands, writes files, and launches sub-agents.
      • Sanitization: No validation or sanitization of file content is performed before processing.
  • [COMMAND_EXECUTION]: Uses the Agent tool in Phase 2 to launch parallel sub-agents for concurrent logic and scenario analysis.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 7, 2026, 03:09 AM