test-driven-development
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [PROMPT_INJECTION] (HIGH): The skill is susceptible to indirect prompt injection (Category 8) because it ingests untrusted requirements for features and bugfixes and has write/execute capabilities. Evidence:
  1. Ingestion points: Feature and bugfix descriptions via SKILL.md instructions.
  2. Boundary markers: Absent.
  3. Capability inventory: Production code writing and shell execution via npm test (SKILL.md).
  4. Sanitization: Absent.
  Malicious requirements could influence the agent to generate and execute harmful code.
- [COMMAND_EXECUTION] (HIGH): The skill mandates shell command execution (npm test) on agent-generated code. Since this code is derived from untrusted user instructions, it provides an exploitable path for arbitrary command execution on the host environment if the agent is successfully injected.
Recommendations
- AI detected serious security threats
Audit Metadata