tdd-workflows-tdd-cycle
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFE PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection due to the way it orchestrates sub-agents.
  - Ingestion points: User input provided through the `$ARGUMENTS` variable is directly interpolated into prompts across multiple sub-skill files, including `sub-skills/1-requirements-analysis.md`, `sub-skills/3-write-unit-tests-failing.md`, and `sub-skills/5-minimal-implementation.md`.
  - Boundary markers: The instructions lack delimiters (such as XML tags or unique markers) to isolate the untrusted `$ARGUMENTS` from the system's own instructions.
  - Capability inventory: The skill utilizes sub-agents with significant capabilities (e.g., `backend-architect`, `test-automator`) that are responsible for creating architecture and implementing source code.
  - Sanitization: There is no evidence of validation or sanitization logic to prevent malicious commands embedded in the user input from influencing the sub-agent's behavior.
Audit Metadata