tdd-orchestrator
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (MEDIUM): Vulnerability to Indirect Prompt Injection (Category 8) due to high capability surface. The skill is designed to ingest and act upon external code files which may contain adversarial instructions.
  - Ingestion points: Processes user-provided test and implementation files (implied in SKILL.md workflow).
  - Boundary markers: Absent. There are no instructions in SKILL.md to treat external content as data only or to ignore embedded natural language commands.
  - Capability inventory: The skill is granted Bash, Write, and Edit tools in SKILL.md, allowing for significant system impact.
  - Sanitization: No validation or sanitization of code content is implemented.
- [COMMAND_EXECUTION] (LOW): The skill requires the Bash tool for its primary function. While consistent with the TDD purpose, this creates a vector for exploitation if the agent is manipulated via indirect injection.