tdd
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The instructions explicitly direct the agent to execute the 'project's test command' in a bash environment. This allows a malicious project to execute arbitrary code (e.g., via scripts in package.json or Makefile) on the agent's host system.
- [PROMPT_INJECTION] (HIGH): Category 8: Indirect Prompt Injection.
  - Ingestion points: Project source code and test files processed during TDD cycles.
  - Boundary markers: Absent; no instructions are provided to ignore or sanitize embedded instructions in user code or test output.
  - Capability inventory: Execution of bash commands for tests and interaction with the 'mcp__x__ask_codex' external tool.
  - Sanitization: Absent; the agent is directed to follow logic derived from external code and tool outputs without verification.
- [EXTERNAL_DOWNLOADS] (LOW): The skill uses 'ToolSearch' to dynamically discover and call the 'mcp__x__ask_codex' tool, creating a dependency on external resources.
Recommendations
- AI detected serious security threats
Audit Metadata