skills/cacaorick/skills/bdd/Gen Agent Trust Hub

bdd

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill serves a legitimate developer productivity purpose by guiding the user through the BDD lifecycle. No malicious patterns, credentials, or unauthorized access attempts were found.
  • [EXTERNAL_DOWNLOADS]: The skill references industry-standard testing tools (Cucumber, Playwright, PactumJS, Detox) and provides links to their official documentation. These are well-known services and the references are purely informational.
  • [COMMAND_EXECUTION]: The skill includes examples of common CLI commands for running tests, such as 'npx cucumber-js' and 'npx playwright-bdd test'. These are used within the context of standard development workflows and do not involve privilege escalation.
  • [PROMPT_INJECTION]: The skill processes user-defined Gherkin features (.feature files). While this is a surface for indirect prompt injection, the skill's capabilities are limited to generating code templates and running tests, which do not pose a high risk under this workflow.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 10, 2026, 12:25 AM