agent-engineering
Pass
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill consists of markdown-based instructions for agent behavior and project management. It does not include scripts, executables, or configurations that perform network operations, file system modifications (outside of intended documentation), or credential harvesting.
- [PROMPT_INJECTION]: The skill defines a "Self-Improvement Loop" where the agent is instructed to read and follow rules from project-local files like tasks/lessons.md. This pattern introduces a potential surface for indirect prompt injection if those files are modified by external actors (e.g., via malicious pull requests or bug reports).
  - Ingestion points: Project-local task tracking files (tasks/todo.md) and lesson files (tasks/lessons.md), as well as external bug reports and error logs.
  - Boundary markers: Absent; the instructions do not suggest using delimiters or specific isolation for content read from these files.
  - Capability inventory: The skill encourages the agent to execute shell commands for testing (npm test, pytest, go test), create directories, and write to local files.
  - Sanitization: Absent; no validation or sanitization process is described for the content ingested from the task or lesson files.