tdd-workflows-tdd-refactor
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill processes user-provided code through the
$ARGUMENTSplaceholder without utilizing boundary markers (e.g., XML tags or triple backticks) or instructions to ignore embedded commands. Maliciously crafted comments within the input code could potentially influence the agent's behavior during the refactoring process. - Ingestion points: The
$ARGUMENTSvariable is interpolated at the end of the main prompt template. - Boundary markers: None present; the code is appended directly to the instructions.
- Capability inventory: The skill instructions prompt the agent to execute tests, profile performance, and commit changes to version control, which are high-privilege actions if an injection occurs.
- Sanitization: No sanitization or validation of the input code is specified.
Audit Metadata