implement
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill executes several system commands as part of the TDD workflow, including cargo test, make lint, make check, and make build. It also runs a local Python script, specs/tests/run_tests_claude.py, to verify the implementation against specifications.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it orchestrates agent behavior based on the contents of markdown files within the repository.
  - Ingestion points: Task instructions are read from tasks.md, and feature requirements are read from specs/tests/{feature-id}.md.
  - Boundary markers: The skill lacks explicit boundary markers or instructions to ignore malicious directives that might be embedded in the task or specification files.
  - Capability inventory: The skill allows the agent to execute shell commands, perform git operations, and modify project files.
  - Sanitization: Content from the ingested markdown files is not sanitized or validated before influencing the agent's decision-making process or command execution.
Audit Metadata