workflow-tdd-plan-plan

Pass

Audited by Gen Agent Trust Hub on Mar 21, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the Bash tool to perform project discovery, code searching, and test execution across various development phases. This includes running standard utilities like find, grep (via rg), and project-specific test runners like npm test or pytest.
  • [PROMPT_INJECTION]: The skill ingests untrusted data from user descriptions and project source files, which are then interpolated into prompts for sub-agents.
      • Ingestion points: User input from $ARGUMENTS, and file content from project source code and session notes.
      • Boundary markers: Prompt segments are delineated by markdown headers, but explicit instruction-isolation wrappers for untrusted variables are largely absent.
      • Capability inventory: The skill has access to powerful tools including Bash, Write, Edit, and the ability to trigger the workflow-execute skill.
      • Sanitization: No specific sanitization or escaping of interpolated strings was identified in the phase logic.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 21, 2026, 06:40 AM