tdd-migration-pipeline
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill utilizes the Bash tool to run tests and analysis commands as part of its migration workflow. While this is necessary for the TDD approach, it involves the execution of code that may be generated by the agent or present in the source files.
- [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection because it analyzes external source code without explicit sanitization or boundary markers. Evidence includes:
  1. Ingestion point: Source code at {source_path}.
  2. Boundary markers: Absent from the prompt templates.
  3. Capability inventory: Bash, Task, and TodoWrite tools.
  4. Sanitization: None specified for the code ingestion phases.