Skills
skills/ruvnet/claude-flow/agent-tdd-london-swarm/Gen Agent Trust Hub

agent-tdd-london-swarm

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • [INDIRECT_PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection through its task handling logic.
  • Ingestion points: The $TASK environment variable is used within the pre hook string.
  • Boundary markers: Absent; the variable is interpolated directly into a shell command string.
  • Capability inventory: The skill can execute shell commands via npm test and shell hooks.
  • Sanitization: Absent; there is no evidence of escaping or validation for the $TASK input before it is used in the echo command.
  • [COMMAND_EXECUTION] (SAFE): The execution of npm test is a primary function of the skill and is appropriate for a TDD-focused agent.
  • [BEST_PRACTICE] (SAFE): The pre hook contains a typo ($dev$null instead of /dev/null), which results in redirection to a file named null if the $dev variable is empty. This is a functional bug rather than a direct security threat.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:12 PM