test-driven-development

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands such as npm test <path> to verify test results during the TDD cycle. This is a standard development operation but grants the skill access to the terminal environment.
  • [PROMPT_INJECTION]: The skill employs highly authoritative and imperative language, including phrases like 'The Iron Law,' 'No exceptions,' and 'Violating the letter of the rules is violating the spirit of the rules.' These patterns are used to constrain agent behavior and enforce a specific workflow (TDD), instructing the agent to ignore or delete code that was not developed according to the ritual.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its processing of untrusted user data.
    • Ingestion points: Processes user-provided feature descriptions, bug reports, and implementation code within SKILL.md.
    • Boundary markers: The skill lacks explicit delimiters or instructions to ignore embedded commands within the processed data.
    • Capability inventory: The agent is authorized to execute shell commands (npm test) and perform file deletions ('Delete means delete') based on the TDD state.
    • Sanitization: There is no evidence of input validation or sanitization before the agent acts on the processed data.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 12, 2026, 07:26 PM