test-automator

Pass

Audited by Gen Agent Trust Hub on Mar 22, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides two Python utilities, scripts/generate_test.py and scripts/coverage_report.py, which are used to generate Markdown templates for test planning and reporting. These scripts use the standard pathlib library to create directories and write files to the local file system based on user-provided arguments.- [EXTERNAL_DOWNLOADS]: The skill's documentation contains links to external educational resources (e.g., Google Engineering Practices) and references a GitHub repository (Charon-Fan/agent-playbook) for installation purposes.- [PROMPT_INJECTION]: The skill represents an indirect prompt injection surface as it is designed to analyze and write tests for user-provided code. 1. Ingestion points: The skill ingests user functions and code files through requests like 'Write tests for this function'. 2. Boundary markers: No specific delimiters or 'ignore embedded instructions' warnings are present in the skill body. 3. Capability inventory: The skill has access to powerful tools including Bash, Write, and Edit. 4. Sanitization: There is no visible logic for sanitizing or escaping the content of user-provided code before it is processed for test generation.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 22, 2026, 06:16 PM
Security Audit — agent-trust-hub — test-automator