test-driven-development
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE] (SAFE): No evidence of credential theft, data exfiltration, or unauthorized persistence was found. The skill adheres to standard software development practices.
- [Indirect Prompt Injection] (LOW): The skill possesses an ingestion surface for untrusted data as it processes user requirements to generate and execute code/tests.
- Ingestion points: User instructions for features and bugfixes are interpolated into code generation prompts.
- Boundary markers: Absent. The skill does not explicitly define delimiters for user-provided requirements.
- Capability inventory: The skill uses
npm testto execute generated code, which could potentially run malicious code if the user-provided requirements contain an injection attack targeting the test environment. - Sanitization: Absent. The skill does not describe methods for sanitizing user input before generating executable tests.
Audit Metadata