tdd-workflows-tdd-green
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The implementation-playbook.md template is vulnerable to indirect prompt injection because it directly interpolates untrusted user content into a subagent prompt.
  - Ingestion points: User-provided test scenarios and failing code are ingested via the $ARGUMENTS placeholder in resources/implementation-playbook.md.
  - Boundary markers: There are no delimiters or explicit instructions provided to the subagent to treat the $ARGUMENTS content as data rather than instructions.
  - Capability inventory: The test-automator subagent has the capability to generate and execute code and write files to the repository.
  - Sanitization: No sanitization, filtering, or validation is performed on the user-supplied input before it is used to build the subagent's task description.