test-driven-development
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill explicitly instructs the agent to run shell commands (`npm test path/to/test.test.ts`) during the 'Verify RED' and 'Verify GREEN' phases. This capability allows for arbitrary code execution if the test files contain malicious logic or shell escape sequences.
- [PROMPT_INJECTION] (HIGH): The skill is highly susceptible to Indirect Prompt Injection (Category 8). It ingests untrusted data in the form of code and test files (Ingestion). It lacks explicit boundary markers or instructions to ignore embedded directives within those files (Boundaries). The skill grants the agent the capability to execute these files via a shell (Capabilities), and there is no evidence of sanitization or validation of the test content before execution (Sanitization).
- [PROMPT_INJECTION] (MEDIUM): The instructions use strong imperative language and psychological framing ("Iron Law", "Stop. That's rationalization", "Delete means delete", "Violating the letter... is violating the spirit"). While intended to enforce TDD discipline, these patterns can be leveraged by attackers to override the agent's core safety instructions or to manipulate the agent into deleting legitimate work by framing it as a TDD violation.
- [DATA_EXFILTRATION] (LOW): While no explicit exfiltration commands are present, the combination of shell execution capabilities and the processing of code provides a potential path for data exfiltration if the test runner is subverted to send file contents to external domains.
Recommendations
- AI detected serious security threats
Audit Metadata