task-iteration

Pass

Audited by Gen Agent Trust Hub on May 4, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill ingests feature specifications from external execution plans and incorporates them into prompts for sub-agent sessions. It mitigates indirect prompt injection risks by using structured XML templates as boundary markers to separate instructions from data.
      • Ingestion points: Extracts data from an exec-plan file in Phase 1 (PARSE).
      • Boundary markers: Uses <task>, <output_contract>, and <follow_through> XML tags in all prompt templates found in references/prompt-templates.md.
      • Capability inventory: Uses node to run a companion script for file modifications and test execution, and git for repository management.
      • Sanitization: Relies on template-based interpolation and explicit scope restrictions in the output contracts to define sub-agent boundaries.
  • [COMMAND_EXECUTION]: The skill orchestrates task execution through local shell commands, including Git operations and a companion JavaScript utility (opencode-companion.mjs). These commands are used to automate the development lifecycle within the user's project directory and do not involve remote code downloads or execution of untrusted scripts from the internet.
Audit Metadata
Risk Level: SAFE
Analyzed: May 4, 2026, 01:03 AM