build
Pass
Audited by Gen Agent Trust Hub on May 10, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill performs shell execution of project-specific build and validation tools using pnpm (e.g., pnpm test, pnpm validate) and manages code state using git commands.
- [PROMPT_INJECTION]: The skill reads task definitions from workspace plan files (ai-workspace/plans/*.md) and interpolates the text directly into subagent prompts. This creates a surface for indirect prompt injection where malicious instructions in a plan file could influence subagent behavior.
- Ingestion points: Plan files located in ai-workspace/plans/.
- Boundary markers: Uses Markdown headers like ## Task Description as delimiters, but lacks explicit safety instructions to disregard commands within the ingested text.
- Capability inventory: The skill dispatches subagents with capabilities to write files and execute shell commands (pnpm, git).
- Sanitization: No evidence of content sanitization or validation prior to interpolation into prompts.
Audit Metadata