diff --git a/commands/gsd/debug.md b/commands/gsd/debug.md
index 71702537..8220b8cd 100644
--- a/commands/gsd/debug.md
+++ b/commands/gsd/debug.md
@@ -63,7 +63,7 @@ debugger_model=$(gsd-sdk query resolve-model gsd-debugger 2>/dev/null | jq -r '.
 
 Read TDD mode from config:
 ```bash
-TDD_MODE=$(gsd-sdk query config-get tdd_mode 2>/dev/null | jq -r 'if type == "boolean" then tostring else . end' 2>/dev/null || echo "false")
+TDD_MODE=$(gsd-sdk query config-get workflow.tdd_mode 2>/dev/null | jq -r 'if type == "boolean" then tostring else . end' 2>/dev/null || echo "false")
 ```
 
 ## 1a. LIST subcommand
diff --git a/tests/debug-session-management.test.cjs b/tests/debug-session-management.test.cjs
index 4e51d631..f3fb0951 100644
--- a/tests/debug-session-management.test.cjs
+++ b/tests/debug-session-management.test.cjs
@@ -66,6 +66,21 @@ describe('debug session management implementation', () => {
     );
   });
 
+  test('debug.md reads tdd_mode via workflow.tdd_mode key (not bare tdd_mode)', () => {
+    const content = fs.readFileSync(
+      path.join(process.cwd(), 'commands/gsd/debug.md'),
+      'utf8'
+    );
+    assert.ok(
+      !content.includes('config-get tdd_mode'),
+      'debug.md must not use bare "tdd_mode" key — use "workflow.tdd_mode" to match every other consumer'
+    );
+    assert.ok(
+      content.includes('config-get workflow.tdd_mode'),
+      'debug.md must read tdd_mode via the "workflow.tdd_mode" key'
+    );
+  });
+
   test('debug command contains security hardening', () => {
     const content = fs.readFileSync(
       path.join(process.cwd(), 'commands/gsd/debug.md'),