god
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The framework is susceptible to indirect prompt injection (Category 8) due to its core functionality of fetching and processing data from external platforms such as Jira and Figma.
  - Ingestion points: Data is retrieved from Jira issue descriptions and comments, and from Figma design context, in sub-skills/spec/SKILL.md.
  - Boundary markers: Although the specification template includes an isolation section (## Input bruto), there are no explicit instructions for the AI to ignore embedded directives within that content during analysis.
  - Capability inventory: The skill has high-privilege tool access, including file system modification, shell execution via git/gh, and sub-agent spawning.
  - Sanitization: No automated filtering or sanitization of external platform data is performed before it enters the agent's context.
- [COMMAND_EXECUTION]: The skill implements a hooks system (GOD/hooks.md) that executes natural language instructions at various lifecycle steps. This mechanism provides a way for instructions stored in configuration files to influence agent behavior dynamically.
- [COMMAND_EXECUTION]: Internal Python scripts in the sub-skills/_lib/ directory interact with the shell using subprocess.run to execute git commands based on task metadata stored in local project files.
- [EXTERNAL_DOWNLOADS]: The skill performs authorized network operations to well-known developer services, including GitHub, Jira, and Figma. These operations are essential for synchronizing the development state and managing project metadata.
Audit Metadata