practicing-tdd
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill provides structured educational content for software development workflows, focusing on testing best practices and refactoring cycles.
- [COMMAND_EXECUTION]: The instructions direct the agent to execute 'npm test' to verify the failure or success of code during the TDD cycle. This is a standard operational requirement for developer tooling and shows no signs of malicious command concatenation or injection.
- [PROMPT_INJECTION]: The skill utilizes strong imperative language such as 'The Iron Law', 'MANDATORY', and 'Delete means delete'. These are process-oriented constraints designed to enforce TDD principles rather than attempts to circumvent the agent's safety or system instructions.
- [PROMPT_INJECTION]: A potential surface for indirect prompt injection exists because the skill involves processing and executing user-provided code and tests.
  - Ingestion points: Project-level source code and test files.
  - Boundary markers: None identified; instructions do not specify delimiters to isolate untrusted code from the agent's logic.
  - Capability inventory: Uses shell command execution ('npm test') in 'SKILL.md'.
  - Sanitization: No specific sanitization or validation steps are defined for the files before they are processed by the test runner.
Audit Metadata