implement
Pass
Audited by Gen Agent Trust Hub on Jun 15, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill operates on instructions extracted from external plan files, which constitutes an indirect prompt injection surface. Ingestion points: Markdown plan files (.md) provided as arguments or located via git history and repository searches in SKILL.md. Boundary markers: The workflow extracts text between task headings and passes it directly to subagents without specific isolation markers. Capability inventory: Subagents possess the ability to modify the filesystem, execute tests, and perform git operations including commits and pull requests. Sanitization: The skill mitigates risks through a process-based control that checks for engineering review markers (e.g., GSTACK REVIEW REPORT) within the plan file, though it allows for a user-confirmed override.
- [SAFE]: The skill follows secure development practices by enforcing a core loop that requires both specification compliance and code quality reviews for every task. This multi-stage verification process, combined with traceability in git history, ensures that automated changes are deliberate and verified against the intended design.
Audit Metadata