test-driven-development

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • [Prompt Injection] (SAFE): The instructions use strong language such as 'MANDATORY' and 'The Iron Law' to enforce the TDD methodology. These are internal behavioral constraints for the development process and do not attempt to override the AI's core safety filters or extract system prompts.
  • [Command Execution] (SAFE): The skill references 'npm test' as a standard command for executing local test suites. This is consistent with the stated purpose of the skill and does not involve malicious or unauthorized command strings.
  • [Data Exposure & Exfiltration] (SAFE): No hardcoded credentials, sensitive file paths, or network exfiltration patterns were identified. The examples provided are generic code snippets (e.g., email validation, retry logic) without sensitive data.
  • [Unverifiable Dependencies] (SAFE): The skill assumes the presence of standard Node.js testing frameworks (Jest/Vitest). It does not attempt to download external scripts, install unverified packages, or execute code from remote sources.
  • [Dynamic Execution] (SAFE): While the skill involves the agent writing and running code, this is restricted to the context of local testing and development as part of the TDD cycle. There are no patterns involving the execution of untrusted external input or unsafe deserialization.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:29 PM