v-implementing
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands for git operations and runs internal Python scripts as lifecycle hooks from the plugin's root directory. These actions are standard for the skill's management and tracking features.\n- [DATA_EXPOSURE]: The skill reads project plan files from the local file system to build a dependency graph and coordinate implementation steps.\n- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests untrusted plan data from plan files (root.md, step-.md). \n
- Ingestion points: Plan directory files (root.md, step-.md)\n
- Boundary markers: None present\n
- Capability inventory: Sub-agent spawning (Agent tool), shell execution (git, hooks), and file writes\n
- Sanitization: None mentioned
Audit Metadata