test-driven-development
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill instructs the agent to execute tests using commands like npm test. This is standard for developer tools and poses no inherent security risk.
- [PROMPT_INJECTION] (LOW): The skill uses imperative language like 'The Iron Law' and 'Delete means delete' to enforce its methodology. While this overrides standard coding behavior, it is benign and task-focused.
- [INDIRECT_PROMPT_INJECTION] (LOW): 1. Ingestion points: Feature requests and bug fixes in SKILL.md. 2. Boundary markers: Absent. 3. Capability inventory: Execution of test code via npm test in SKILL.md. 4. Sanitization: Absent. The surface exists but the risk is low and restricted to the testing environment.
Audit Metadata