test-driven-development

Pass

Audited by Gen Agent Trust Hub on Feb 26, 2026

Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill contains educational content focused on software engineering best practices. Analysis of the instructions and examples confirms there are no malicious patterns, obfuscated code, or attempts to exfiltrate data.
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute local test suites using the standard 'npm test' command. This is a legitimate and expected operation for a development-focused skill and does not represent a security violation in this context.
  • [PROMPT_INJECTION]: The skill defines a workflow for processing and testing user-provided code, which creates a surface for indirect prompt injection.
      1. Ingestion points: Test files and source code paths (SKILL.md)
      2. Boundary markers: Absent
      3. Capability inventory: Local command execution via 'npm test' (SKILL.md)
      4. Sanitization: Absent
    This is a standard operational risk for development tools and is considered safe given the intended use case.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 26, 2026, 10:13 PM