test-driven-development

The skill consists of a single markdown file (SKILL.md) that outlines the concepts of Test-Driven Development (TDD) and common anti-patterns. It includes textual explanations, code examples in TypeScript and Bash, and a dot graph definition.

1. Prompt Injection: No patterns indicative of prompt injection (e.g., 'IMPORTANT: Ignore', 'Override your constraints', 'DAN') were found. The use of words like 'IMPORTANT' or 'MANDATORY' is in a pedagogical context to emphasize TDD principles, not to manipulate the AI's behavior.
2. Data Exfiltration: No commands or code snippets that attempt to read sensitive files or exfiltrate data to external servers were detected. The npm test commands are local and do not involve network requests for data exfiltration.
3. Obfuscation: No obfuscation techniques such as Base64 encoding, zero-width characters, homoglyphs, or URL/hex/HTML encoding were found. The dot graph definition is a standard declarative language, not an obfuscation technique.
4. Unverifiable Dependencies: The skill is purely instructional and does not install or execute any external dependencies. While npm test is mentioned in examples, the skill itself does not perform npm install or similar operations.
5. Privilege Escalation: No commands like sudo, chmod +x, or attempts to modify system files were found.
6. Persistence Mechanisms: No attempts to establish persistence (e.g., modifying .bashrc, creating cron jobs) were detected.
7. Metadata Poisoning: The skill's name and description in the front matter are benign and accurately reflect its content.
8. Indirect Prompt Injection: The skill does not process external user-provided content, so it is not susceptible to indirect prompt injection.
9. Time-Delayed / Conditional Attacks: No conditional logic based on dates, times, usage, or environment variables was found.

In conclusion, this skill is a static, informational document and poses no security risks.