test-driven-development

Pass

Audited by Gen Agent Trust Hub on Feb 12, 2026

Risk Level: LOW

NO_CODE
Full Analysis

The skill 'test-driven-development' is provided as a Markdown file (SKILL.md) and serves as a comprehensive guide to the TDD methodology. It includes explanations, examples (in TypeScript, plus Bash for running npm test), and best practices.

  1. Prompt Injection: No patterns indicative of prompt injection (e.g., 'IMPORTANT: Ignore', 'CRITICAL: Override', 'DAN' jailbreaks) were found. The use of 'IMPORTANT' and 'MANDATORY' is in a benign, instructional context.
  2. Data Exfiltration: There are no commands or instructions that attempt to read sensitive files or exfiltrate data to external servers. The npm test commands are for local execution within the described TDD workflow, not for network communication.
  3. Obfuscation: No obfuscation techniques such as Base64 encoding, zero-width characters, homoglyphs, or other encoding methods were detected. The .dot graph definition is a standard declarative language for graph visualization, not a security obfuscation.
  4. Unverifiable Dependencies: The skill does not instruct the installation of any external packages or dependencies (e.g., npm install, pip install). The npm test command assumes a local development environment, but does not introduce new, unverified external code.
  5. Privilege Escalation: No commands like sudo, chmod, or instructions for installing services were found.
  6. Persistence Mechanisms: No attempts to establish persistence (e.g., modifying shell configurations, creating cron jobs) were detected.
  7. Metadata Poisoning: The name and description fields in the skill's front matter are benign and accurately reflect the skill's purpose.
  8. Indirect Prompt Injection: As this skill is purely informational and does not process external user input, it is not susceptible to indirect prompt injection.
  9. Time-Delayed / Conditional Attacks: No conditional logic based on time, usage, or environment variables that could trigger malicious behavior was found.

In conclusion, the skill is a static, descriptive document with no active components that could pose a security threat. It is categorized as a 'NO_CODE' skill, which inherently reduces security risks.

Audit Metadata
Risk Level: LOW
Analyzed: Feb 12, 2026, 04:22 PM