test-driven-development
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION NO_CODE
Full Analysis
- SAFE (SAFE): The skill consists entirely of instructional documentation. No malicious scripts, hardcoded credentials, or data exfiltration patterns were detected.
- COMMAND_EXECUTION (LOW): The skill directs the agent to execute 'npm test' to verify development progress. This is a standard operation within a developer's local environment and does not involve untrusted remote sources.
- PROMPT_INJECTION (LOW): The skill uses imperative language and strict 'Iron Laws' (e.g., 'Delete means delete') to override the agent's default coding behavior. This is consistent with the skill's intended purpose but involves instruction-based control of agent output.
- INDIRECT_PROMPT_INJECTION (LOW): The skill creates an attack surface by instructing the agent to delete production code based on its evaluation of the development process.
  - Ingestion points: User-provided source code and test execution results.
  - Boundary markers: No explicit markers are defined for the code being processed.
  - Capability inventory: The skill calls for command execution ('npm test') and file management (deletion).
  - Sanitization: There is no validation or sanitization of input data before the agent applies the TDD enforcement logic.
Audit Metadata