tdd-workflow
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill documents a standard and secure software engineering workflow for Test-Driven Development (TDD). It emphasizes writing tests before code, maintaining high test coverage, and using Git for incremental development checkpoints.
- [COMMAND_EXECUTION]: The instructions direct the agent to execute standard local development commands, including 'npm test', 'npm run test:coverage', and 'npm run lint'. These are routine commands within a Node.js environment for verifying code correctness and quality.
- [PROMPT_INJECTION]: The skill's workflow involves taking 'User Journeys' as input to drive test and code generation. This creates a surface for indirect prompt injection where malicious instructions could be embedded in the requirements. Ingestion points: User Journey definitions in Step 1. Boundary markers: Absent. Capability inventory: Shell command execution via 'npm test' and the ability to modify project source code. Sanitization: No sanitization or validation of the input requirements is specified.
Audit Metadata