skills/oimiragieo/agent-studio/tdd/Gen Agent Trust Hub

tdd

Pass

Audited by Gen Agent Trust Hub on Mar 30, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill instructions describe a 'Test-Driven Prompting (TDP)' pattern that captures verbatim test output (stdout and stderr) and interpolates it directly into the prompt for subsequent agent tasks. This creates a surface for indirect prompt injection where malicious code or tests could output instructions to manipulate the behavior of the implementer agent.
    • Ingestion points: Captured from execSync output during the TDD loop as described in SKILL.md and the 'Test-Driven Prompting (TDP)' section.
    • Boundary markers: The prompt template uses triple backticks (markdown code blocks) but lacks defensive instructions for the agent to treat the data as untrusted.
    • Capability inventory: The pattern uses the Task tool to spawn subagents and requires Bash or Edit capabilities for the implementation phase.
    • Sanitization: No sanitization or character escaping of the captured test output is implemented.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 30, 2026, 12:53 AM