implement-change

Pass

Audited by Gen Agent Trust Hub on Jun 16, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes various shell-based development tools and test runners (including npm, npx, pytest, cargo, and go) in Phase 5 to verify the implementation. These commands are derived from the project environment and the provided specifications.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it reads and interprets data from external files (Architecture Decision Records and Gherkin specifications) to guide its logic and command execution. An attacker could embed malicious instructions within a specification file to influence the generated code or execute unauthorized shell commands.
  • Ingestion points: Phase 1 reads ADR (.md) and spec (.feature) files to extract architectural decisions and behavioral scenarios.
  • Boundary markers: The skill does not implement delimiters or explicit 'ignore instructions' warnings when processing the contents of these documents.
  • Capability inventory: The skill possesses capabilities for shell command execution (Bash), file system modification (Edit, Write), and task orchestration (Task).
  • Sanitization: There is no evidence of validation, sanitization, or filtering applied to the contents of the read files before they are used to influence agent behavior.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 16, 2026, 02:07 AM
Security Audit — agent-trust-hub — implement-change