test-driven-development
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [PROMPT_INJECTION] (HIGH): The skill is susceptible to Indirect Prompt Injection (Category 8) because its core workflow turns externally supplied text into code that is then executed.
  - Ingestion points: The skill is designed to process external feature requests, bug reports, and complex business logic requirements, i.e. text authored outside the trust boundary.
  - Boundary markers: Absent; there are no instructions to delimit untrusted input or to treat instructions embedded within that data as data rather than as commands.
  - Capability inventory: The agent is given the capability to write production and test code and to execute shell commands (`bun test`, `cargo test`) to verify it.
  - Sanitization: Absent; the skill does not provide mechanisms for validating or escaping external content before it is transformed into executable code.
- [COMMAND_EXECUTION] (MEDIUM): The skill repeatedly directs the agent to execute local system commands to run test suites. This capability is essential for TDD but provides a direct execution vector for any malicious code generated from poisoned inputs: the test runner loads and executes whatever the generated test files contain, including during the "red" step where the test is expected to fail.
Recommendations
- AI detected serious security threats