Skills
skills/dokhacgiakhoa/antigravity-ide/tdd-workflows-tdd-refactor/Gen Agent Trust Hub

tdd-workflows-tdd-refactor

Pass

Audited by Gen Agent Trust Hub on May 12, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill uses the $ARGUMENTS placeholder to insert user-controlled data into a prompt sent to a sub-agent (tdd-orchestrator). This configuration creates an indirect prompt injection surface.
  • Ingestion points: Untrusted user code enters the context through the $ARGUMENTS variable in the SKILL.md instructions.
  • Boundary markers: While the input is enclosed in double quotes, the skill lacks strong structural delimiters (such as XML tags or unique random tokens) or explicit instructions to the sub-agent to ignore any logic-altering commands hidden within the provided code snippet.
  • Capability inventory: The skill utilizes the Task tool to delegate complex operations to a tdd-orchestrator agent, which possesses the capability to modify source code and execute tests.
  • Sanitization: There is no evidence of sanitization, escaping, or schema validation for the data provided via $ARGUMENTS before it is processed by the AI.
Audit Metadata
Risk Level
SAFE
Analyzed
May 12, 2026, 01:43 PM