consistency-check

Pass

Audited by Gen Agent Trust Hub on Apr 8, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute git commands and constructs Grep tool calls using names and attributes extracted from the entity registry. If the registry content contains shell metacharacters or tool flags, it could lead to argument injection or unexpected command behavior.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and interprets data from external files which may be attacker-controlled.
      • Ingestion points: The files design/registry/entities.yaml and markdown documents in the design/gdd/ directory.
      • Boundary markers: No explicit delimiters or instructions to ignore embedded commands are used when processing the content extracted from GDD files.
      • Capability inventory: The skill utilizes powerful tools including Bash, Write, Edit, Grep, and Read, providing a significant impact surface if the agent is manipulated.
      • Sanitization: There is no mention of validation, filtering, or escaping of the content read from external documents before it is used to influence the agent's analysis and reports.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 8, 2026, 06:28 PM