Pass
Audited by Gen Agent Trust Hub on May 10, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill generates and suggests the execution of local development commands for various test runners (vitest, playwright, jest) and version control (git add, git commit). These operations are intended for project maintenance and testing within the local development environment.
- [EXTERNAL_DOWNLOADS]: The skill references external Figma design URLs and utilizes an MCP tool to fetch design context. Figma is a well-known and trusted service for UI/UX design collaboration.
- [DATA_EXFILTRATION]: Analysis of data handling found no evidence of sensitive data exfiltration or unauthorized network transmissions. Network activity is limited to fetching design context from a well-known service.
- [PROMPT_INJECTION]: The instructions contain tool restrictions (banning specific built-in planning modes) and process rules to guide the agent's behavior within the intended workflow. These are standard task-specific instructions and do not attempt to bypass core safety or ethical guidelines.
- [INDIRECT_PROMPT_INJECTION_SURFACE]: The skill processes untrusted content from the user's repository.
  - Ingestion points: The skill reads design documents from docs/arc/specs/ and project configuration files.
  - Boundary markers: No explicit boundary markers or instructions to ignore embedded commands were found in the prompt templates.
  - Capability inventory: The skill has the ability to write files, execute shell commands (via test runners and git), and spawn sub-agents.
  - Sanitization: No sanitization or validation of the content of the design documents is performed before using it to generate tasks.
  - Note: This identifies an attack surface for indirect prompt injection via compromised repository content, though it is considered a low risk in its intended context.
Audit Metadata