test-driven-development
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION] (LOW): The skill provides a framework for the agent to interact with and execute user-provided code, which constitutes an indirect prompt injection surface.
  - Ingestion points: User-provided test files and implementation code (e.g., path/to/test.test.ts) during the TDD cycle.
  - Boundary markers: Absent. No instructions are provided to the agent to sanitize or ignore potentially malicious instructions embedded within the code being tested.
  - Capability inventory: Execution of npm test via subprocess as described in SKILL.md.
  - Sanitization: Absent. The skill does not specify methods for sanitizing the content of the files before execution.
- [COMMAND_EXECUTION] (SAFE): The skill utilizes npm test for the legitimate purpose of verifying code behavior in a TDD workflow. No suspicious or arbitrary command execution patterns were found.
Audit Metadata