skills/kashyab12/uni-pstack/tdd/Gen Agent Trust Hub

tdd

Warn

Audited by Gen Agent Trust Hub on Jul 10, 2026

Risk Level: MEDIUMPROMPT_INJECTIONCOMMAND_EXECUTIONREMOTE_CODE_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill contains a section titled 'Uni-pstack Runtime Adapter' which explicitly instructs the agent to override its standard workflow, delegation logic, and model selection. It directs the agent to replace default platform models (e.g., Composer, Claude Opus) with 'Codex gpt-5.6-sol' and mandates specific reasoning tiers.
  • [COMMAND_EXECUTION]: The instructions command the agent to 'launch Codex CLI workers' using an external 'spawn-codex-worker script' or via 'direct codex exec' in the terminal. These references point to external dependencies not provided within the skill's own file set.
  • [PROMPT_INJECTION]: The skill redefines standard UI commands (e.g., loop, babysit, deslop) as 'conceptual cues' and instructs the agent to bypass intended UI constraints by using the host terminal and git tools directly.
  • [REMOTE_CODE_EXECUTION]: The core workflow requires the agent to generate and execute reproduction scripts and tests. While common in TDD, the instructions specifically encourage the use of 'manual reproduction commands' and 'scripted verification' which, when combined with the external worker delegation instructions, creates an unverified execution surface.
  • [DATA_EXFILTRATION]: The skill instructs the agent to translate Cursor-specific paths into 'host-appropriate project or user configuration paths,' which encourages the agent to interact with and potentially expose local user configuration directories.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jul 10, 2026, 04:46 PM