test-driven-development
Pass
Audited by Gen Agent Trust Hub on May 6, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill directs the agent to execute `npm test` to verify software behavior throughout the development process. This is a standard and expected part of the professional development workflow described.
- [PROMPT_INJECTION]: The skill establishes an Indirect Prompt Injection surface by directing the agent to execute tests on code generated from user-provided requirements. This creates a potential vector where a malicious requirement could result in the execution of unsafe code during the test phase.
  - Ingestion points: User-provided feature descriptions and bug reports (implicitly used to generate tests and code).
  - Boundary markers: The instructions do not define specific delimiters or isolation markers for user-provided input.
  - Capability inventory: The workflow involves shell execution via `npm test` to run generated test suites.
  - Sanitization: The skill does not provide explicit sanitization or validation logic for user requirements before they are used to generate executable tests.
Audit Metadata