frog-cycle
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill processes user-provided specifications which are used to generate tests and code. This indirect prompt injection surface is protected by a multi-agent architecture where each agent has strictly limited file-system access and specialized prompts.
- Ingestion points: Phase 1 (LISTEN) in SKILL.md receives the specification.
- Boundary markers: subagent-prompts.md defines 'NON-NEGOTIABLE' rules and strict file-access constraints (e.g., test files only vs implementation files only).
- Capability inventory: phase-transitions.md defines commands for executing test runners like vitest and pytest.
- Sanitization: The orchestrator performs integrity checks using 'shasum' to ensure test files remain immutable after creation.
- [COMMAND_EXECUTION]: The skill automates the execution of local test runners (vitest, jest, pytest, cargo, go) and CI tools (gw). These actions are restricted to the local development environment and represent the intended behavior of a TDD automation tool.
Audit Metadata