tdd-workflow
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to perform local command execution, specifically 'npm test' and 'npm run test:coverage', as part of the development lifecycle.
- [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface (Category 8) by utilizing untrusted user-defined 'User Journeys' to guide code generation and subsequent execution.
  - Ingestion points: User journeys provided in 'Step 1' of the workflow (SKILL.md).
  - Boundary markers: No delimiters are specified to isolate user input from the agent's instructions.
  - Capability inventory: The skill uses 'npm test' (SKILL.md) to execute code derived from user input.
  - Sanitization: No input validation or sanitization of user-provided journeys is mentioned.