test-driven-development
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (HIGH): The skill is highly susceptible to Indirect Prompt Injection (Category 8) because it facilitates the processing of untrusted external data with high-privilege capabilities.
- Ingestion points: Untrusted data enters the context via feature descriptions, bug reports, and refactoring requests (SKILL.md).
- Boundary markers: None. The skill lacks instructions to delimit or sanitize external inputs, or to ignore embedded commands within them.
- Capability inventory: The skill empowers the agent to perform file-write operations (creating test and production code) and subprocess execution (`npm test` in SKILL.md).
- Sanitization: None. There is no mention of escaping or validating external content before it is used to generate executable tests or code.
- [COMMAND_EXECUTION] (MEDIUM): The skill explicitly directs the agent to execute shell commands (`npm test`) at multiple stages of the development cycle. While standard for TDD, this capability can be abused if the generated test code is influenced by malicious external input.
Recommendations
- AI detected serious security threats
Audit Metadata