tdd-practices

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
  • [Indirect Prompt Injection] (HIGH): A high-risk surface exists because untrusted data is used to generate executable content.
    1. Ingestion points: the 'code' and 'feature_description' parameters in SKILL.md.
    2. Boundary markers: absent; there are no delimiters to isolate untrusted input.
    3. Capability inventory: the skill produces code for '06-testing-design', which implies downstream execution or file-write capabilities.
    4. Sanitization: no filtering or safety checks are performed on the input content.
  • [Command Execution] (LOW): The 'scripts/validate.py' script uses 'os' and 'pathlib' to perform local file system operations to verify structure.
  • [Safe Practices] (INFO): The 'scripts/validate.py' script correctly uses 'yaml.safe_load()' to avoid unsafe deserialization vulnerabilities.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 06:43 AM