realisera
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill performs extensive shell command execution as part of its development cycle.
  - Executes local Python scripts included in the suite: 'scripts/analyze_progress.py', 'scripts/effective_profile.py', 'scripts/compact_artifact.py', and 'scripts/eval_skills.py'.
  - Invokes project-level verification tools such as 'go test', 'npm test', 'pytest', and 'cargo test' during the 'Verify' step.
  - Manages git operations including 'git log', 'git status', and 'git commit'.
- [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection by design.
  - Ingestion points: Ingests project source code and architectural artifacts (VISION.md, TODO.md, etc.) which could contain malicious instructions.
  - Boundary markers: Does not implement explicit markers to separate instructions from untrusted data during file reading.
  - Capability inventory: Possesses broad capabilities including file system modification, shell execution, and sub-agent dispatch.
  - Sanitization: Does not specify sanitization or validation of the content processed from project files.
- [DATA_EXFILTRATION]: No exfiltration risks were identified. The skill contains a critical safety rail: 'NEVER push to any remote. Local commits only.' Network requests are limited to seeking inspiration and verifying local web services.
- [SAFE]: The skill exhibits standard autonomous agent behavior with well-defined state artifacts and safety constraints that align with its primary purpose of local software development.
Audit Metadata