tdd-workflow
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
Categories: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [Prompt Injection] (HIGH): The skill is highly vulnerable to Indirect Prompt Injection (Category 8) because it ingests untrusted user requirements and triggers automated code-generation and testing cycles.
  - Ingestion points: User-provided feature descriptions (e.g., "Implement [feature] with TDD") captured in SKILL.md.
  - Boundary markers: Absent. The skill provides no instructions to downstream tools (like /sw:tdd:cycle or tdd-orchestrator) to treat the user's feature description as data rather than instructions.
  - Capability inventory: The skill invokes commands and agents that perform file writes, code generation, and shell execution (e.g., /sw:tdd:red, /sw:tdd:green, and npm test).
  - Sanitization: Absent. The skill lacks any mechanism to filter or sanitize instructions embedded within the user's intent strings.
- [Command Execution] (MEDIUM): The skill's documentation and example interactions (Example 1 in SKILL.md) explicitly instruct the agent to execute local build and test commands like npm test. This capability, when combined with the lack of input sanitization, provides a direct path for executing arbitrary code if a user manages to inject malicious scripts into the test suite via the TDD cycle.
Recommendations
- AI detected serious security threats
Audit Metadata