skills/ruvnet/ruflo/tdd-repair/Gen Agent Trust Hub

tdd-repair

Pass

Audited by Gen Agent Trust Hub on Jun 22, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes user-specified shell commands provided via the --test-command argument. It also spawns a headless AI agent instance (claude -p) with access to the Bash tool to perform file edits and verification.
  • [PROMPT_INJECTION]: The skill processes the content of local files specified in the --test argument, which introduces a potential surface for indirect prompt injection where adversarial test content could influence the AI agent's actions.
      • Ingestion points: Content of the test file path provided to the --test parameter (SKILL.md).
      • Boundary markers: No explicit delimiters or instructions are documented to isolate test data from the agent's primary instructions.
      • Capability inventory: The spawned agent has access to Read, Edit, and Bash tools (SKILL.md).
      • Sanitization: The skill does not describe any sanitization or validation of the ingested file content.
  • [EXTERNAL_DOWNLOADS]: The documentation references the ruvnet/agent-harness-generator repository on GitHub as a design reference.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 22, 2026, 10:23 PM