tdd-methodology-expert

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [Persistence Mechanisms] (MEDIUM): The scripts/setup_hooks.sh script installs a git pre-commit hook and a Claude Code hook. These mechanisms allow the skill's logic to execute automatically during development activities. While central to the intended TDD enforcement use case, git hooks are a standard persistence vector.
  • [Indirect Prompt Injection] (LOW): The assets/hook-templates/user-prompt-submit.sh hook creates a surface for indirect prompt injection by wrapping untrusted user input with methodology reminders and instructions.
      • Ingestion points: The user's original prompt is read from stdin into the USER_PROMPT variable in user-prompt-submit.sh.
      • Boundary markers: Absent; user input is directly appended at the end of the instruction template without any delimiters or 'ignore embedded instructions' warnings.
      • Capability inventory: The hook influences the LLM's response behavior and references an external compliance check script.
      • Sanitization: None; user input is not escaped, filtered, or validated before being combined with system-level instructions.
  • [Dynamic Execution] (MEDIUM): The assets/hook-templates/pre-commit.sh script calculates the path to its helper script (SKILL_SCRIPT) at runtime based on absolute and relative paths, then executes it using python3. Additionally, it uses inline Python code to parse JSON output from these scripts.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 17, 2026, 06:05 PM