shell-testing

Pass

Audited by Gen Agent Trust Hub on May 12, 2026

Risk Level: SAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill facilitates the execution of shell commands through BATS and Zunit to verify script behavior. This is the primary function of the tool and is performed within the user's project context. It also recommends mocking external dependencies by dynamically generating executable stub scripts in temporary directories, a standard practice for environment isolation.
  • [EXTERNAL_DOWNLOADS]: The documentation references well-known open-source testing frameworks such as BATS-core and Zunit from their official GitHub repositories. These are recognized industry-standard tools for shell script verification and are considered safe sources.
  • [PROMPT_INJECTION]: The skill processes user-supplied shell scripts to generate test cases, creating a theoretical attack surface for indirect prompt injection.
      • Ingestion points: User-provided bash or zsh scripts passed to the agent for test generation.
      • Boundary markers: None explicitly defined in the instructions to separate user code from agent instructions.
      • Capability inventory: File reading, shell command execution via bats, and script generation/execution in temporary directories as defined in SKILL.md and reference files.
      • Sanitization: No explicit sanitization of input scripts is mentioned; however, the skill strongly mandates test isolation via subshells and temporary directories, which effectively mitigates the potential impact of malicious input.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 12, 2026, 09:10 PM