auto

Pass

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill implements an 'auto-approve' mechanism that explicitly instructs the agent to bypass user interaction and proceed with task execution. Combined with the feature that infers the task from conversation context, this creates a vulnerability to indirect prompt injection.
  • Ingestion points: Task descriptions are ingested via $ARGUMENTS or inferred from the conversation context (SKILL.md, 'Input' section).
  • Boundary markers: There are no boundary markers or instructions to ignore embedded commands within the ingested context.
  • Capability inventory: The skill invokes manifest-dev:do, which performs file modifications and command execution based on the generated manifest (SKILL.md, 'Flow' section).
  • Sanitization: No sanitization or validation of the inferred task is performed before the manifest is 'auto-approved' and executed.
Audit Metadata
Risk Level
SAFE
Analyzed
May 16, 2026, 07:37 AM
Security Audit — agent-trust-hub — auto