tdd-spec-review
Pass
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: SAFE PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core workflow of processing external data.
- Ingestion points: The skill ingests untrusted data from `docs/test-specs/`, feature documents (Section 17), and user stories/acceptance criteria.
- Boundary markers: There are no specific boundary markers or instructions to the agent to disregard embedded instructions within these source files.
- Capability inventory: The skill utilizes `TaskCreate` for task management, `AskUserQuestion` for user interaction, and file write operations to `plans/reports/`. It does not appear to possess high-risk capabilities like arbitrary shell execution or network access.
- Sanitization: No sanitization or validation mechanisms are defined for the content read from external files before it is processed by the agent.
Audit Metadata