tdd-workflow
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill instructs the agent to execute shell commands such as 'npm test', 'npm run test:coverage', and 'npm run lint'. This is standard behavior for a TDD workflow skill but involves local code execution within the agent's environment.
- [INDIRECT_PROMPT_INJECTION] (LOW):
  - Ingestion points: The skill ingests 'User Journeys' (Step 1) which are natural language descriptions provided by users.
  - Boundary markers: Absent. There are no explicit instructions to sanitize or delimit the user-provided journey text when generating test code.
  - Capability inventory: The agent generates and executes test code based on these journeys via 'npm test'.
  - Sanitization: None. The skill assumes the 'User Journey' is benign and does not provide logic to escape potentially malicious strings in the journey description that could influence test generation.
- [SAFE] (SAFE): No hardcoded credentials, obfuscation, or unauthorized network calls were detected. The skill uses standard mocking patterns for services like Supabase, Redis, and OpenAI.
Audit Metadata