omakase-off
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands to manage isolated development environments, specifically utilizing
git worktreeandgit branchfor creation and deletion of variant-specific contexts as described in Phase 3 and Phase 5 of the detailed workflow.- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it ingests untrusted user requirements and interpolates them into implementation plans and tests executed by subagents. - Ingestion points: User-provided build, create, or implement requests processed at the entry gate (SKILL.md).
- Boundary markers: The skill does not define explicit delimiters or instructions to ignore embedded commands when passing user requirements to the
writing-plansdependency. - Capability inventory: The skill performs file system operations (writing plans), git repository manipulation (worktrees), and dispatches subagents with execution permissions via
parallel-agents(detailed-workflow.md). - Sanitization: There is no documented validation or sanitization of user-provided feature descriptions before they are used to generate executable content.
Audit Metadata