test-driven-development
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION] (HIGH): The TDD cycle defined in SKILL.md requires the agent to generate and run tests and implementation code. This provides a mechanism for an attacker to achieve RCE by providing a feature request that includes malicious code logic for the agent to implement and execute.
- [COMMAND_EXECUTION] (HIGH): The skill directs the agent to execute shell commands, specifically npm test, to verify code. This command will execute any code generated during the implementation phase, leading to potential system compromise if the generated code is malicious.
- [PROMPT_INJECTION] (HIGH): The skill is highly vulnerable to Indirect Prompt Injection (Category 8) because it lacks safety controls for processing user instructions.
  - Ingestion points: User-provided feature requests and bug reports as specified in SKILL.md.
  - Boundary markers: None. The skill does not instruct the agent to use delimiters or ignore instructions within the user input.
  - Capability inventory: Writing to the file system and executing subprocesses via the test runner.
  - Sanitization: None. There are no instructions for the agent to sanitize or validate the user's request before using it to generate executable code.
Recommendations
- AI detected serious security threats
Audit Metadata