tdd-methodoly-expert
Warn
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill setup process involves executing a bash script (setup_hooks.sh) that installs executable scripts into .git/hooks/ and .claude/hooks/, creating a persistence mechanism for script execution within the development environment.
- [PROMPT_INJECTION]: The skill installs a persistent user-prompt-submit hook designed to modify the agent's context by injecting specific instructions ('TDD reminders') into every subsequent interaction within the project, which can override or augment the agent's core instructions.
- [COMMAND_EXECUTION]: Automated execution of local scripts (check_tdd_compliance.py and validate_tests.py) is used to analyze project files, which could execute arbitrary commands if the script contents are malicious or if they process specially crafted file names.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection by processing untrusted project files through its analysis scripts.
  - Ingestion points: Local source code and tests read by check_tdd_compliance.py.
  - Boundary markers: None mentioned.
  - Capability inventory: Script execution and file modification.
  - Sanitization: No sanitization of analysis output is mentioned.