hello-verify
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill mandates the execution of verification commands such as lint, test, build, and typecheck, as well as project-local scripts (e.g.,
scripts/turn-state.mjs) to validate and record task outcomes. - [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it ingests external content from project files and terminal outputs to verify completion criteria.
- Ingestion points: Project documentation files (
requirements.md,tasks.md,contract.json) and the stdout/stderr generated by verification tools. - Boundary markers: None explicitly defined for the ingested file content.
- Capability inventory: Ability to execute shell commands and Node.js scripts in the local environment.
- Sanitization: No sanitization or validation of external data is mentioned in the instructions.
Audit Metadata