tdd
Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill follows security best practices for AI agents. It uses a 'Fresh Context Protocol' to isolate subagent instructions and provides explicit file-type boundaries (e.g., RED phase only edits test files) to prevent model drift or unauthorized file access.
- [COMMAND_EXECUTION]: The skill uses the Bash tool and standard development CLI commands (git, npx) for project management and test execution. These operations are restricted to the intended TDD cycle and project scope.
- [EXTERNAL_DOWNLOADS]: Installation instructions reference the author's own skill repository using standard package management tools (npx). This is a legitimate vendor resource used for extending functionality.
- [PROMPT_INJECTION]: While the skill ingests external project documentation (e.g., ARCHITECTURE.md, glossary.md) to provide context to subagents—creating an indirect prompt injection surface—it employs clear header delimiters and structured handoff schemas to mitigate the risk of instructions in those files overriding agent behavior.
Audit Metadata