tdd-guide
Pass
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues were detected. The skill's components are well-documented and focus strictly on testing productivity and quality analysis.
- [DATA_EXPOSURE]: The skill analyzes local source code and coverage reports (LCOV, JSON, XML) to provide recommendations. It does not contain any logic for network communication or data exfiltration.
- [REMOTE_CODE_EXECUTION]: All Python modules (test_generator.py, coverage_analyzer.py, etc.) perform static analysis using regular expressions and string manipulation. No dynamic execution functions like eval() or exec() are used, and no subprocesses are spawned to run external commands.
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted user-provided requirements and code. However, it explicitly states in its limitations that it performs static analysis only and cannot execute tests or measure runtime behavior, which effectively mitigates common injection risks associated with code execution.
- [OBFUSCATION]: All code and documentation are provided in clear text with no evidence of encoding, hidden characters, or obfuscated URLs.
Audit Metadata