test-driven-development
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONNO_CODE
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to run 'npm test' to validate code against failing and passing tests. This is a standard procedure for software development and does not include malicious command structures.
- [PROMPT_INJECTION]: The instructions use strong, imperative language (e.g., 'Iron Law', 'MANDATORY', 'Delete means delete') to enforce the TDD methodology. This behavior is confined to the coding workflow and does not attempt to override system safety protocols.
- [NO_CODE]: The skill is entirely instructional and does not provide standalone executable scripts or binaries.
- [DATA_EXPOSURE]: No sensitive information, such as credentials or private paths, is present in the skill files or code examples.
- [INDIRECT_PROMPT_INJECTION]: The skill facilitates an environment where user-provided requirements lead to code execution via tests. 1. Ingestion points: User feature requests. 2. Boundary markers: Absent. 3. Capability inventory: Command execution via 'npm test'. 4. Sanitization: Not present in the provided markdown. As an instructional skill for code generation, this surface is expected.
Audit Metadata