checklist
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns, obfuscation, or safety bypass instructions were detected in the skill content.\n- [PROMPT_INJECTION]: The skill contains no instructions to ignore safety filters or override agent behavior. It possesses an indirect prompt injection surface (Category 8) because it processes the contents of
spec.md,plan.md, andtasks.md. However, this is categorized as safe because the skill's output is a text-based checklist for human review and the skill lacks the capability to execute the processed content or send it over a network.\n - Ingestion points: Reads feature documentation files (
spec.md,plan.md,tasks.md) from the feature directory.\n - Boundary markers: No delimiters or ignore-instructions are used when loading file content.\n
- Capability inventory: Limited to reading local files and writing checklist files to a sub-directory in the feature folder.\n
- Sanitization: No validation or sanitization is performed on the ingested documentation content.\n- [DATA_EXFILTRATION]: The skill performs no network operations and does not access sensitive system paths (like
.sshor.aws). All data processing is confined to the local feature directory defined by the platform.\n- [REMOTE_CODE_EXECUTION]: No remote scripts are downloaded, and no external packages are installed. The skill relies entirely on the local context provided by the agent.\n- [COMMAND_EXECUTION]: The skill provides instructions for escaping single quotes in arguments to prevent shell errors, which is a defensive measure. It does not execute any dangerous or arbitrary shell commands.
Audit Metadata