tdd-workflows-tdd-cycle
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection via its subagent orchestration logic.
  - Ingestion points: User-provided inputs via the `$ARGUMENTS` variable are interpolated directly into prompts across all phases of the TDD cycle, including requirements analysis, test generation, and code implementation.
  - Boundary markers: The instructions lack explicit delimiters or guardrail instructions (e.g., "treat the following as data only") to prevent the AI from executing instructions that might be embedded within the `$ARGUMENTS` data.
  - Capability inventory: The skill utilizes the `Task` tool to invoke subagents like `backend-architect` and `test-automator`, which typically have write access to the filesystem to generate code and tests, creating a path for unauthorized file modification if an injection occurs.
  - Sanitization: There is no evidence of input validation, escaping, or sanitization of the `$ARGUMENTS` string before it is passed to the sub-orchestration tools.
Audit Metadata