tdd-orchestrator
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill uses a simple
catcommand to read local memory files in the.specweavedirectory. This is used for context retrieval and does not involve executing untrusted input. - [PROMPT_INJECTION] (SAFE): No instruction overrides or bypass attempts were found. The skill remains within its documented scope of TDD orchestration.
- [DATA_EXFILTRATION] (SAFE): No network requests or access to sensitive system credentials (e.g., .ssh, .aws) were identified.
- [INDIRECT_PROMPT_INJECTION] (SAFE): While the skill ingests data from
.specweave/skill-memories/tdd-orchestrator.md, this is an internal state file used for historical context. There is no evidence of this being used to process untrusted external data without sanitization.
Audit Metadata