tdd-workflow
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill acts as a documentation resource for software testing workflows.
- [COMMAND_EXECUTION]: Includes standard development commands such as npm test and npm run test:coverage. These are typical for the described purpose and do not pose a security risk in this context.
- [EXTERNAL_DOWNLOADS]: References official and well-known services including GitHub Actions (codecov/codecov-action), Supabase, Redis, and OpenAI. These references are used for mocking or CI/CD documentation and follow the [TRUST-SCOPE-RULE].
- [INDIRECT_PROMPT_INJECTION]: While the skill processes user-provided journeys to generate tests, the primary capability is local command execution for testing (npm test). There is no evidence of unsafe interpolation or data exfiltration paths.
Audit Metadata