test-driven-development
Pass
Audited by Gen Agent Trust Hub on May 6, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill establishes a workflow for processing untrusted external inputs, such as feature requests and bug reports, which are then used to generate and execute code. This creates a potential surface for indirect prompt injection.\n
- Ingestion points: User-provided descriptions for new features, bug fixes, or refactoring tasks, as mentioned in the "When to Use" section of SKILL.md.\n
- Boundary markers: The instructions do not specify any delimiters or safety markers to isolate user-provided data from the agent's internal logic.\n
- Capability inventory: The agent is instructed to execute shell commands (e.g., npm test) to verify the implementation, as detailed in the "Verify RED" and "Verify GREEN" sections.\n
- Sanitization: No methods for validating or sanitizing the input data are provided before it is processed or used in code generation.\n- [COMMAND_EXECUTION]: The skill directs the agent to run testing commands like "npm test" on the local filesystem. This is a standard operation for the stated purpose of the skill and does not involve suspicious flags or unauthorized network access.
Audit Metadata