testing-patterns
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The `scripts/test_runner.py` script executes external test frameworks via the Python `subprocess` module.
  - Evidence: The `run_tests` function calls `subprocess.run` with commands such as `npm test`, `npx vitest`, `npx jest`, and `pytest`.
  - Mitigation: Commands are invoked using argument lists rather than shell strings, and the script does not use `shell=True`, which significantly reduces the risk of command injection.
Audit Metadata