test-driven-development
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (MEDIUM): The skill uses strong imperatives and behavioral framing ('Stop. That's rationalization', 'Delete means delete', 'Violating the letter... is violating the spirit') to bypass the agent's default decision-making and force adherence to a specific workflow.
- COMMAND_EXECUTION (MEDIUM): The skill mandates the execution of shell commands such as npm test on local files. This creates a risk of code execution if the files being tested contain malicious logic from external contributors or untrusted sources.
- INDIRECT_PROMPT_INJECTION (MEDIUM): The skill lacks safety boundaries for processing external code. Ingestion point: project test files; Boundary markers: None; Capability inventory: shell execution via npm; Sanitization: None. The requirement to run tests without isolation allows for potential exploitation via malicious test content.
Audit Metadata