workflow-tdd-plan

Warn

Audited by Gen Agent Trust Hub on Apr 12, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill's Phase 4 (Conflict Resolution) executes a shell command via the Bash tool that directly interpolates the taskDescription variable. Because this variable contains unvalidated user input from $ARGUMENTS, it is vulnerable to command injection. An attacker could craft a task description with shell metacharacters (such as ;, backticks, or $()) to execute arbitrary commands in the environment.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it passes user-supplied task descriptions to several sub-agents without sanitization or boundary markers.
    - Ingestion points: User input enters via the taskDescription variable extracted from $ARGUMENTS in the script body.
    - Boundary markers: The skill lacks delimiters (such as XML tags or explicit block quotes) or instructions to 'ignore' embedded directives when passing user content to the instructions for spawn_agent.
    - Capability inventory: The skill and its sub-agents have access to powerful tools including Bash, Write, Edit, and the ability to spawn further agents.
    - Sanitization: No sanitization is performed on the taskDescription before it is interpolated into the agent prompts, allowing the user input to potentially override the agent's instructions.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 12, 2026, 08:36 PM