tdd-workflow
Pass
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: SAFE
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill guides the agent to perform shell operations such as `npm test` and `npm run test:coverage` to validate the implementation against defined test cases.
- [REMOTE_CODE_EXECUTION]: The core TDD workflow involves the dynamic creation of test files (unit, integration, and E2E) which are subsequently executed to ensure code quality and coverage.
- [EXTERNAL_DOWNLOADS]: The skill references standard industry tools and libraries including Jest, Vitest, and Playwright, and includes integration patterns for external services like Supabase and OpenAI.
- [PROMPT_INJECTION]: An indirect prompt injection surface is present in the TDD workflow.
  - Ingestion points: User-provided descriptions (User Journeys) in Step 1 serve as the basis for generated test code.
  - Boundary markers: There are no explicit delimiters or instructions provided to the agent to treat user-provided journey text as untrusted content.
  - Capability inventory: The agent possesses the capability to write files and execute shell commands (`npm test`) which could be exploited if malicious code is generated from a poisoned journey.
  - Sanitization: The skill lacks instructions for sanitizing or validating user input before incorporating it into executable test scripts.