pair-programming

Pass

Audited by Gen Agent Trust Hub on Jun 14, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection attacks because it ingests and analyzes local source code.
  • Ingestion points: Processes local files and project structures via commands like /analyze, /review, and /find (documented in references/usage.md).
  • Boundary markers: The instructions do not specify the use of delimiters or 'ignore' instructions when interpolating code content into prompts.
  • Capability inventory: The skill can write to the file system (/implement, /refactor, /document), execute tests via shell commands (/test), and perform version control operations (git).
  • Sanitization: No explicit sanitization or validation of ingested code content is described.
  • [COMMAND_EXECUTION]: The skill relies on the execution of the claude-flow CLI and standard developer tools such as git, npm, and various testing frameworks (e.g., Jest, pytest). These commands are used to manage sessions, roles, and the development lifecycle.
  • [EXTERNAL_DOWNLOADS]: The documentation includes instructions to download and install the claude-flow CLI tool globally via the npm package manager.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 14, 2026, 06:40 AM
Security Audit — agent-trust-hub — pair-programming