gadd-scope
Pass
Audited by Gen Agent Trust Hub on May 17, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill contains a directive to "Follow this file directly; do not require any other installed skill," which is a pattern used to isolate agent behavior by overriding other potential instructions or system-level capabilities.
- [COMMAND_EXECUTION]: The skill requires the agent to interact with the shell to execute git operations, including "Make a local commit after writing scope" and potentially pushing branches. These actions are within the intended workflow and include requirements for user confirmation.
- [PROMPT_INJECTION]: The skill processes untrusted user context and local repository artifacts, creating a surface for indirect prompt injection. Ingestion points: User-provided context in the /gadd:scope command and existing artifacts like prd.md. Boundary markers: The Bounded Shared Understanding Gate requires the agent to summarize its understanding and wait for user confirmation. Capability inventory: The agent possesses capabilities for file writing and executing git commands (commit and push). Sanitization: The skill implements semantic validation through a Product Quality Bar and Input Quality Gate but does not describe technical escaping of ingested strings.
Audit Metadata