Skills
skills/vibeeval/vibecosystem/tdd-migrate/Gen Agent Trust Hub

tdd-migrate

Pass

Audited by Gen Agent Trust Hub on Mar 23, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute local CLI commands including bun test, qlty check, and tldr. These commands are used to validate code generated during the migration process.
  • [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection because it processes untrusted external data.
  • Ingestion points: The skill reads existing code from the user-provided source_path and pattern reference files in Steps 1 and 2 to guide the migration.
  • Boundary markers: The instructions do not specify any delimiters or warnings to the sub-agents to ignore potentially malicious instructions embedded in the source code comments or strings.
  • Capability inventory: The orchestration environment has access to the Bash tool (used in Steps 2, 3, and 5) for running tests and the Write tool for creating files.
  • Sanitization: There is no evidence of sanitization or filtering of the content read from source files before it is used to generate implementation code and unit tests.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 23, 2026, 09:04 AM
Security Audit — agent-trust-hub — tdd-migrate