test-driven-development
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- PROMPT_INJECTION (SAFE): The skill contains strong instructional language regarding TDD (e.g., 'Delete means delete'), but these are methodological constraints for the agent's coding workflow rather than attempts to bypass system safety filters or override core instructions.
- COMMAND_EXECUTION (SAFE): The skill references standard development commands like 'npm test'. These are used within the context of verifying code quality during the TDD process and do not target sensitive system files or execute arbitrary code from untrusted sources.
- DATA_EXFILTRATION (SAFE): No network operations, hardcoded credentials, or access to sensitive file paths (~/.ssh, .env, etc.) were found.
- INDIRECT_PROMPT_INJECTION (LOW): While the skill processes code and test files, it does not demonstrate a vulnerability to instructions embedded in external data. The capability tier is low as it focuses on local development workflow.
Audit Metadata