test-driven-development
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
COMMAND_EXECUTION
PROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (LOW): The skill instructs the agent to execute shell commands to run tests. Evidence: usage of `npm test path/to/test.test.ts` in SKILL.md. This is a standard development capability but constitutes an execution surface.
- PROMPT_INJECTION (LOW): The skill employs strong imperative language and override markers to enforce its workflow. Evidence: "The Iron Law: NO PRODUCTION CODE WITHOUT A FAILING TEST FIRST", "Stop. That's rationalization.", and "Red Flags - STOP and Start Over". These patterns are used for pedagogical purposes but resemble instructions designed to override default agent behavior.
- INDIRECT_PROMPT_INJECTION (INFO): The skill defines a workflow for processing untrusted external data (feature requests and bug reports).
- Ingestion points: SKILL.md refers to implementing "any feature or bugfix" based on user input.
- Boundary markers: None. No explicit delimiters are suggested for separating the user's feature request from the agent's instructions.
- Capability inventory: Command execution via `npm test`.
- Sanitization: None. The skill does not describe any validation of the feature description text before processing.
- Risk: Malicious instructions embedded in a bug report or feature description could potentially influence the agent's code generation or test creation phase.
Audit Metadata