tdd
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION] (HIGH): The skill is highly vulnerable to indirect prompt injection due to its core design of processing untrusted feature descriptions while maintaining high-privilege capabilities. (1) Ingestion points: The and <TEST_NAME> arguments in the 'start', 'red', and 'cycle' actions in SKILL.md. (2) Boundary markers: No delimiters or isolation instructions are provided to separate user-provided requirements from agent instructions. (3) Capability inventory: The skill performs file creation and modification (writing source and test files) and shell command execution (running npm test). (4) Sanitization: No input validation or sanitization is performed on the feature descriptions.
- [COMMAND_EXECUTION] (MEDIUM): The skill encourages the use of 'npm test' and 'pnpm test' to validate code. While standard for development, if an agent executes these in an unsandboxed environment, it provides a direct path for the execution of code generated from potentially malicious requirements.
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill depends on the 'vitest' framework. While a common library, it is an external dependency from a source not explicitly listed as trusted, and the skill provides no integrity verification.
Recommendations
- AI detected serious security threats
Audit Metadata