tdd-dev-cycle
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to perform local system operations, including executing Git commands for version control and running automated test suites during the verification phase.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes instructions from external files that may be influenced by untrusted sources.
- Ingestion points: The agent reads task descriptions and requirements from files located in
docs/backlog/anddocs/requirements/. - Boundary markers: The instructions do not define any delimiters or specific guardrails to prevent the agent from obeying malicious commands embedded within the backlog files.
- Capability inventory: The agent has the ability to write code, modify files, commit to the repository, and execute subprocesses (automated tests).
- Sanitization: No evidence of input validation, sanitization, or escaping of the requirement content is present in the skill definition.
Audit Metadata