implement

Pass

Audited by Gen Agent Trust Hub on May 4, 2026

Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting data from external files to drive implementation and orchestration logic.
      • Ingestion points: The skill reads docs/task/{ID}-{name}.md, TASKS.md, LEARNINGS.md, and any files specified in the task document's ## File Changes section (e.g., SKILL.md).
      • Boundary markers: The instructions do not specify any delimiters or explicit 'ignore embedded instructions' warnings for content within these ingested files, which could allow malicious instructions in task documents to influence agent behavior.
      • Capability inventory: The agent has the capability to modify local source files, execute git commands (commit, push, worktree), and spawn sub-agents with dynamic prompts (e.g., in SKILL.md).
      • Sanitization: No sanitization or validation of the ingested file content is mentioned prior to processing.
  • [EXTERNAL_DOWNLOADS]: The documentation references external skill repositories from well-known technology organizations.
      • Evidence: Mentions https://github.com/vercel-labs/agent-skills and https://github.com/supabase/agent-skills for specialized best-practice skills.
      • Context: These are trusted organizations and the references are intended to guide the user to install optional enhancements for the workflow.
  • [COMMAND_EXECUTION]: The skill performs shell-level operations using the git version control system.
      • Evidence: Commands such as git commit, git push -u origin {branch-name}, and git checkout (managed via a worktree abstraction) are executed as part of the implementation pipeline.
      • Context: These operations are consistent with the skill's primary purpose of automated coding and task management.
Audit Metadata
Risk Level: SAFE
Analyzed: May 4, 2026, 02:19 AM