tdd
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill instructs the agent to execute shell commands such as `uv run pytest` and local project scripts like `bin/ci-local`. While essential for the primary TDD purpose, this relies on the assumption that the local project environment and its scripts are trustworthy.
- [EXTERNAL_DOWNLOADS] (LOW): The use of `uv run` can lead to the automatic download and installation of dependencies specified in the project's configuration files (e.g., `pyproject.toml`). These external packages are not verified by the skill itself.
- [PROMPT_INJECTION] (LOW): Indirect Prompt Injection (Category 8). The skill analyzes user-provided project files to identify code improvement opportunities. Maliciously crafted content within these files could attempt to manipulate the agent's behavior during analysis.
  - Ingestion points: Reads files in the `tests/` directory, `pytest.ini`, and `pyproject.toml` to identify TDD infrastructure and refactoring patterns.
  - Boundary markers: No explicit delimiters or instructions to ignore embedded commands are used when the agent processes project files.
  - Capability inventory: The skill allows for shell command execution and production code modification.
  - Sanitization: No sanitization or verification of the ingested code or configuration content is performed before analysis.
Audit Metadata