test-driven-development
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to run local test commands such as
npm test. This creates an attack surface where a malicious project could execute arbitrary code via test scripts or npm hooks. - [PROMPT_INJECTION]: The instructions use highly authoritative and restrictive language (e.g., "The Iron Law", "Delete means delete", "No exceptions") to mandate a specific coding behavior. While intended to enforce TDD principles, this acts as a behavioral override for the agent.
- [COMMAND_EXECUTION]: Indirect Prompt Injection Surface:
- Ingestion points: User-provided source code and test files (SKILL.md).
- Boundary markers: Absent.
- Capability inventory: Shell command execution via
npm test(SKILL.md). - Sanitization: None; the skill assumes the provided test code is safe to execute.
- [SAFE]: No hardcoded credentials, sensitive file path access, or unauthorized network communications were detected in the provided files.
Audit Metadata