testing-patterns
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The
scripts/test_runner.pyscript usessubprocess.runto execute test suites for Node.js (npm, jest, vitest) and Python (pytest). The commands are constructed using hardcoded string lists, which prevents shell injection vulnerabilities. This functionality is the primary purpose of the script and is implemented following security best practices. - [SAFE]: The
SKILL.mdfile contains purely informational markdown content about testing principles such as the Testing Pyramid and AAA pattern. It does not contain any executable code, remote resource references, or prompt injection attempts. - [SAFE]: The script reads local project configuration files like
package.jsonandpyproject.tomlto detect the environment. It does not access sensitive user directories or exfiltrate data.
Audit Metadata