dispatch
Pass
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it ingests untrusted data from external sources and interpolates it into subagent prompts.
- Ingestion points: Processes spec.md (Phase 1), output.yaml from subagents (Phase 4), and project configuration files like package.json and Makefile (Phase 1/5).
- Boundary markers: The skill instructions do not specify the use of delimiters or 'ignore embedded instructions' warnings when injecting external content into subagent prompts.
- Capability inventory: The skill possesses significant capabilities including the execution of arbitrary shell commands (build/test/lint), Git repository modifications, and spawning/managing other AI agents via the Task tool.
- Sanitization: There is no evidence of content sanitization or validation of the external strings before they are used to generate task plans or instructions.
- [COMMAND_EXECUTION]: The skill automatically detects and executes verification commands (build, test, lint) found within the user's project codebase.
- Evidence: Phase 1 (Step 6) and Phase 5 explicitly instruct the agent to identify commands from package.json, Makefile, or other project documentation and run them to establish baselines or verify implementations.
Audit Metadata