grilling
Pass
Audited by Gen Agent Trust Hub on Jun 20, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill performs standard file system operations including creating, writing, and deleting temporary files (
.grill-tree.md) and UI mockups. It also instructs the agent to modify the.gitignorefile to ensure scratch state is not committed, which is a standard development practice. - [DATA_EXPOSURE]: The skill involves exploring the local codebase to answer design questions. This access is limited to the local environment and is necessary for the skill's stated purpose of stress-testing plans and designs.
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted user-provided plans and design documents and persists decisions to project files (
DESIGN.md,CONTEXT.md, ADRs). While this is an ingestion surface for untrusted data, the risk is mitigated because the content is treated as documentation rather than executable code.
Audit Metadata