sdd-tdd-implement

Pass

Audited by Gen Agent Trust Hub on Apr 23, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses standard development commands such as mvn compile, mvn test, and ./gradlew to facilitate the TDD cycle. These actions are directly tied to the primary purpose of software implementation and are expected behaviors for a developer-oriented skill.
  • [PROMPT_INJECTION]: The skill reads external files (plan.md, feature.md, docs/project.md) to guide its actions, which introduces an indirect prompt injection surface. This is a common pattern for agentic workflows where the AI processes user-provided context or requirements.
      • Ingestion points: plan.md, feature.md, and docs/project.md files.
      • Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the prompt.
      • Capability inventory: File system read/write access and shell command execution for build automation.
      • Sanitization: The skill does not perform explicit sanitization of the content extracted from the external files.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 23, 2026, 10:19 PM