test-driven-development
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- Indirect Prompt Injection (HIGH): The skill instructs the agent to process untrusted external data into executable code.
  - Ingestion points: External bug reports and feature descriptions (SKILL.md).
  - Boundary markers: Absent; no delimitation or 'ignore instructions' warnings provided in the core cycle definitions.
  - Capability inventory: Mandatory execution via npm test is required by the 'Iron Law' of the skill.
  - Sanitization: Absent; the agent is urged to execute code immediately to verify failure, which involves running potentially malicious content embedded in the test logic.
- Command Execution (HIGH): The skill explicitly requires the agent to perform shell command execution as part of the core development cycle.
  - Evidence: npm test path/to/test.test.ts is listed as a 'MANDATORY' verification command in both the 'Verify RED' and 'Verify GREEN' phases.
Recommendations
- AI detected serious security threats
Audit Metadata