advanced-engineer
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill's instructions follow software engineering best practices and do not include any malicious patterns.
- [PROMPT_INJECTION]: The workflow involves processing external data such as repository files and logs, which is a potential surface for indirect prompt injection. Ingestion points: repository files and system logs (SKILL.md). Boundary markers: Not specified in the instructions. Capability inventory: shell command execution and code modification (SKILL.md). Sanitization: Not specified. These risks are inherent to the engineering task and are mitigated by the skill's requirement for a structured Plan-Act-Reflect loop.
- [COMMAND_EXECUTION]: The skill directs the agent to execute commands and modify code as part of its primary engineering function. These high-privilege capabilities are necessary for the skill's intended purpose and are restricted to a verification-focused execution loop.
Audit Metadata