test-driven-development
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- Indirect Prompt Injection (HIGH): The skill creates a significant vulnerability surface where untrusted external content can influence destructive actions and command execution.
- Ingestion points: Source code files and task descriptions provided by the user for feature implementation, bugfixes, or refactoring.
- Boundary markers: Absent. There are no instructions for the agent to use delimiters or to disregard instructions embedded in the code it processes.
- Capability inventory: The agent is authorized to perform file system modifications and deletions ('Delete it completely') and to execute shell commands ('npm test').
- Sanitization: Absent. No validation or escaping is specified for the code content being processed or for the arguments passed to the test runner.
- Command Execution (MEDIUM): The skill explicitly instructs the agent to run the 'npm test' command. While this is a standard development practice, the lack of input sanitization for the file paths or the content of the files being tested presents a risk if an attacker can manipulate the file environment.
Recommendations
- AI detected serious security threats
Audit Metadata