tdd-implementation

Pass

Audited by Gen Agent Trust Hub on Jul 5, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill contains instructions designed to override the agent's multi-skill orchestration. It explicitly commands the agent to be the 'sole active authority' and to 'suppress' any other skills that attempt to activate during the session.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted data from external 'Assigned issue scope' and 'acceptance criteria'.
  • Ingestion points: Issue scope and acceptance criteria documents (SKILL.md).
  • Boundary markers: Absent; there are no instructions to the agent to ignore potentially malicious instructions embedded in the issue descriptions.
  • Capability inventory: The skill is capable of file system writes (writing code/tests) and executing command-line tools (npm, pip, etc.) to run tests.
  • Sanitization: Absent; the skill does not suggest any validation or escaping of the input data before processing.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 5, 2026, 04:28 PM
Security Audit — agent-trust-hub — tdd-implementation