tdd-workflow
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): No instructions attempting to override agent behavior, bypass safety filters, or extract system prompts were detected.
- [Data Exposure & Exfiltration] (SAFE): The skill does not access sensitive local file paths (such as SSH keys or AWS credentials) and performs no network operations.
- [Obfuscation] (SAFE): All skill components are provided in clear text without any Base64, zero-width characters, or other encoding techniques.
- [Unverifiable Dependencies & Remote Code Execution] (SAFE): The skill does not download external packages or execute remote scripts. It operates entirely on the local project structure.
- [Command Execution] (SAFE): The script scripts/detect_test_env.sh performs read-only introspection of the project environment using standard utilities like find and grep. It does not require elevated privileges or execute untrusted input.
- [Indirect Prompt Injection] (SAFE): While the skill reads project configuration files (e.g., package.json, pyproject.toml), the processing is limited to static string matching for framework detection, which does not facilitate instruction injection.
Audit Metadata