test-driven-development
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is entirely composed of instructional content and documentation regarding Test-Driven Development (TDD) and Ruby on Rails testing. It does not contain any suspicious logic, network exfiltration, or obfuscated content.
- [COMMAND_EXECUTION]: The instructions include standard Rails development commands such as `bin/rails test` and `bin/rails db:schema:load`. These commands are expected within the context of a development tool and do not involve high-risk patterns like `sudo` or piping remote content to a shell.
- [INDIRECT_PROMPT_INJECTION]: The skill involves processing user-provided code and requirements, which creates a potential surface for indirect prompt injection.
  - Ingestion points: User-supplied feature descriptions, bug reports, and existing implementation code (referenced in `SKILL.md`).
  - Boundary markers: None present in the instructions to separate user data from agent instructions.
  - Capability inventory: The skill workflow involves creating/modifying files and executing local tests via `bin/rails test` (referenced in `SKILL.md` and `testing-strategy.md`).
  - Sanitization: No explicit sanitization or validation rules are defined for the data processed during the TDD cycle.
- [DYNAMIC_EXECUTION]: The documentation describes the use of standard Rails features like ERB (Embedded Ruby) in YAML fixtures and raw SQL execution via `ActiveRecord::Base.connection.execute` for migration testing. These are documented as standard practices for the framework and do not constitute an abnormal security risk.
Audit Metadata