autonomous-delivery
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill uses instructions to enforce autonomous behavior with reduced user oversight, such as "minimal interruption," "Do not pause for non-critical confirmation," and "Execute tasks... without stopping."
- [COMMAND_EXECUTION]: The skill executes various local scripts and tools as part of the project lifecycle, including `node scripts/check-phase-entry.mjs` and `pnpm` tasks (`pnpm check:truth-gates`, `pnpm typecheck`, `pnpm lint`, `pnpm test`).
- [PROMPT_INJECTION]: Trigger conditions include Uzbek phrases ("to'xtama", "bir passda tugat", "oxirigacha bajar") to activate the autonomous mode, which can bypass simple English-language instruction filters.
- [INDIRECT_PROMPT_INJECTION]: The skill processes project-specific files to determine the execution loop and state, which serves as an injection surface if these files are influenced by untrusted sources.
  - Ingestion points: `HANDOFF.md`, `_memory/progress.md`, `_planning/phase-N/README.md`, and `docs/TASKS.md` are read to guide execution.
  - Boundary markers: None identified in the instructions for delimiting content from these files.
  - Capability inventory: The skill has the capability to execute shell commands (`node`, `pnpm`) based on the tasks identified in the ingested files.
  - Sanitization: No sanitization or validation of the content within the ingested files is mentioned before the agent acts upon them.
Audit Metadata