test-design-review
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because the `test-design-reviewer` subagent ingests data from external sources, including project plans and source code files, which are interpolated into its context without explicit boundary markers. This could allow content within the analyzed files to influence the subagent's logic.
  - Ingestion points: The subagent reads the `TDD.md` standard, task plan files (e.g., `plan.md`), and source code files within the user-specified codebase path.
  - Boundary markers: The skill does not use specific delimiters or 'ignore embedded instructions' warnings when interpolating the content of these files into the subagent prompt.
  - Capability inventory: The subagent can read files, execute `git` commands (diff, log), and write report files to the local disk.
  - Sanitization: No sanitization or validation of the ingested file content is performed.
- [COMMAND_EXECUTION]: The subagent instructions include executing shell commands via `git` (e.g., `git -C <path> diff --name-only <range>`) with arguments derived from the execution context. While this is standard for the skill's purpose, it represents a surface where command arguments are dynamically constructed from external input.
Audit Metadata