test-driven-development

Pass

Audited by Gen Agent Trust Hub on Apr 4, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill establishes an indirect prompt injection surface by requiring the agent to execute tests and code provided in the workspace, which could be attacker-controlled.
    - Ingestion points: Test files (e.g., tests/test_feature.py) and implementation files are ingested and executed.
    - Boundary markers: Absent. The skill does not instruct the agent to use delimiters or to ignore instructions embedded within the test files.
    - Capability inventory: The skill uses the terminal tool for execution (pytest) and the file tool for writing implementation code.
    - Sanitization: None. There is no instruction to validate or sanitize the content of test files before running them.
  • [COMMAND_EXECUTION]: The skill uses the terminal tool to run pytest. This is a standard and legitimate use of the tool within a development-focused skill for verifying code behavior.
  • [PROMPT_INJECTION]: The skill uses authoritative language and strict rules (e.g., 'The Iron Law', 'MANDATORY') to enforce the TDD methodology. These are legitimate process constraints and do not attempt to bypass agent safety filters or override the agent's core identity.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 4, 2026, 05:50 PM