pair-programming
Pass
Audited by Gen Agent Trust Hub on Jun 14, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection attacks because it ingests and analyzes local source code.
- Ingestion points: Processes local files and project structures via commands like
/analyze,/review, and/find(documented inreferences/usage.md). - Boundary markers: The instructions do not specify the use of delimiters or 'ignore' instructions when interpolating code content into prompts.
- Capability inventory: The skill can write to the file system (
/implement,/refactor,/document), execute tests via shell commands (/test), and perform version control operations (git). - Sanitization: No explicit sanitization or validation of ingested code content is described.
- [COMMAND_EXECUTION]: The skill relies on the execution of the
claude-flowCLI and standard developer tools such asgit,npm, and various testing frameworks (e.g.,Jest,pytest). These commands are used to manage sessions, roles, and the development lifecycle. - [EXTERNAL_DOWNLOADS]: The documentation includes instructions to download and install the
claude-flowCLI tool globally via thenpmpackage manager.
Audit Metadata