distill
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill reverse-engineers source code into BDD specifications, which introduces a surface for indirect prompt injection. Malicious instructions embedded in the analyzed code could potentially influence the agent's behavior during the extraction process.\n
- Ingestion points: Project source code, existing feature files in beat/features/ and beat/changes/, and project configuration in beat/config.yaml.\n
- Boundary markers: The skill requires the use of git worktree isolation (via the using-git-worktrees prerequisite) before any files are processed to prevent workspace contamination.\n
- Capability inventory: The agent performs file system writes to create change containers and uses Git commands (git add, git commit) to manage artifacts.\n
- Sanitization: The instructions mandate independent verification of all generated scenarios using the /beat:verify tool to ensure they accurately reflect current code behavior and have not been corrupted by malicious input.
Audit Metadata