fix
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill's core workflow involves executing shell commands to run test suites and manage repository state. Step 6 (TDD Fix) generates and executes regression tests, and also runs the project's full test suite (6.3). Steps 6.4 and 7.3 use command-line tools to commit changes to the git repository.
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection by processing external data and passing it to sub-agents.
- Ingestion points: Bug descriptions are accepted from user prompts, local files via the
@prefix, and review reports stored in conversation history or on disk (Steps 1 and 1R). - Boundary markers: Minimal delimiters (single quotes) are used when interpolating the
bug_descriptioninto prompts for general-purpose sub-agents in Step 4 and the multi-repo definitions file. - Capability inventory: The sub-agents invoked have the capability to search the file system, execute generated code, and modify repository documents.
- Sanitization: The skill does not validate or sanitize the content of the ingested bug reports before they are utilized in instructions to sub-agents.
Audit Metadata