gate-check
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the
Bashtool to run project test suites and verify quality standards during gate checks. This is a standard and expected functionality for a development-focused agent. - [PROMPT_INJECTION]: The skill ingests untrusted project documentation (e.g., GDDs, architecture records) to provide context for subagent reviews via the
Tasktool. This represents a potential indirect prompt injection surface. - Ingestion points: Reads file content from project directories such as
design/,docs/, andproduction/. - Boundary markers: No specific delimiters or "ignore instructions" prompts are used when passing ingested content to subagents.
- Capability inventory: The agent has access to
Bash,Write, andTasktools, which could be misused if malicious instructions are successfully injected via project files. - Sanitization: No explicit sanitization or filtering is applied to the ingested content before it is processed by the model or its subagents.
- [SAFE]: The skill follows security best practices by requiring user confirmation before updating project state (e.g., writing to
stage.txt) and before executing phase transitions. No obfuscation, data exfiltration, or persistence mechanisms were detected.
Audit Metadata