church-uat
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the
churchCLI utility to manage UAT processes. It executes various subcommands such aschurch ledgerto track testing results,church bibleto render requirement documentation to HTML, andchurch stateto record agent and user approvals. These tools are used locally within the repository to automate verification gates. - [INDIRECT_PROMPT_INJECTION]: The skill is designed to ingest and process external project data, including success requirements, UX workflows, and test results. While this represents a surface for indirect prompt injection, it is a standard requirement for UAT tasks. The risk is mitigated by the skill's structure, which mandates mutual sign-off gates and explicit user acceptance for risk-related decisions.
- Ingestion points: Reads requirements, workflows, phase anchors, and test/build results from the repository.
- Boundary markers: None identified in the provided instructions.
- Capability inventory: Executes
churchCLI commands and generates HTML documentation. - Sanitization: No explicit sanitization or filtering of external input is described.
Audit Metadata