skills/dmytri/shipshape/captain/Gen Agent Trust Hub

captain

Pass

Audited by Gen Agent Trust Hub on Jun 14, 2026

Risk Level: SAFE
PROMPT_INJECTION
COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection due to its design, which involves ingesting and acting upon untrusted data from external reports.
      • Ingestion points: The skill reads HANDOVER.md, blocker reports, and Gherkin feature files.
      • Boundary markers: There are no instructions to ignore or delimit potentially malicious instructions within the ingested data.
      • Capability inventory: The skill is capable of writing to repository files (specs, instructions, assets) and initiating outbound actions like pushing code or creating pull requests.
      • Sanitization: No sanitization or verification of the content from ingested files is performed.
  • [COMMAND_EXECUTION]: The skill provides instructions for performing version control and deployment operations.
      • Evidence: The workflow includes steps for pushing branches, opening PRs, and triggering releases or deployments.
      • Safeguards: All outbound actions are gated by human approval and require the repository to be in a 'clean deck' state as reported by a verification role.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 14, 2026, 06:56 PM
Security Audit — agent-trust-hub — captain