test-generator
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands to detect the development environment and run test runners. Specifically, it uses
catandgrepon project configuration files and executesnpx vitestorpytestto verify tests and report coverage. - [PROMPT_INJECTION]: The skill is potentially vulnerable to indirect prompt injection because it analyzes untrusted source code provided by the user. Malicious instructions could be placed in code comments to attempt to manipulate the agent's behavior during analysis.
- Ingestion points: Reads user source code files to identify testable logic and dependencies.
- Boundary markers: No explicit markers or instructions are provided to distinguish between code logic and natural language instructions in comments.
- Capability inventory: The skill can execute shell commands for framework detection and testing, and can write test files to the local file system.
- Sanitization: Source code content is analyzed without sanitization filters.
Audit Metadata