build
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted content from SPEC.md to guide its code modifications and shell command execution.
  - Ingestion points: The skill reads SPEC.md (SKILL.md: LOAD, PLAN, EXECUTE sections) and FORMAT.md (SKILL.md: LOAD section).
  - Boundary markers: None present. The instructions do not specify any delimiters or warnings to ignore malicious instructions within the specification files.
  - Capability inventory: The skill can edit arbitrary files (SKILL.md: EXECUTE step 2), run shell commands for verification (SKILL.md: EXECUTE step 3), and perform git commits (SKILL.md: WRITE POLICY).
  - Sanitization: None present. The skill directly translates instructions from the specification into file edits and shell commands.
- [COMMAND_EXECUTION]: The skill executes arbitrary shell commands defined in the specification as 'verification commands' (e.g., test, build, lint). This allows for local command execution based on external input.
- [DATA_EXFILTRATION]: While not explicitly exfiltrating data, the combination of reading files (SPEC.md), editing code, and executing shell commands provides a surface where data could be exfiltrated if the specification file is malicious.
Audit Metadata