tdd-guide
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection and data processing risks due to its handling of untrusted external input.
  * Ingestion points: Untrusted data enters the skill via coverage reports (XML, JSON, LCOV) in `scripts/coverage_analyzer.py` and feature requirements (JSON) in `scripts/test_generator.py`.
  * Boundary markers: The skill lacks explicit boundary markers or instructions to the agent to ignore embedded commands within the processed data.
  * Capability inventory: The skill is capable of generating executable test files and performing analytical tasks on source code.
  * Sanitization: There is no evidence of sanitization or character escaping for input data before it is processed or used in code generation.
  * Evidence: In `scripts/coverage_analyzer.py`, the `_parse_xml` method utilizes `xml.etree.ElementTree.fromstring` to parse coverage reports. This standard library function is vulnerable to XXE attacks, which could be exploited by a malicious report to read local files or conduct SSRF.
  * Evidence: In `scripts/test_generator.py`, methods such as `_generate_jest_stub` perform direct string interpolation of user-provided requirement fields into code templates. The lack of quote escaping allows for potential code injection into resulting test files if the requirements are maliciously crafted.
Audit Metadata