Gen Agent Trust Hub: skills/l3wi/agents-workflow/feature

Skill: feature
Result: Pass

Audited by Gen Agent Trust Hub on Apr 26, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface because it ingests and processes instructions from specification files (docs/specs/*.md) to guide the implementation workflow and generate PR metadata. Malicious content within these files could influence agent behavior.
  • Ingestion points: Feature name from user input and specification files from the local repository (SKILL.md, Phase 2-3).
  • Boundary markers: The skill does not define clear delimiters or instructions to ignore nested directives when processing spec content.
  • Capability inventory: Shell command execution via git, gh, wt, and bun across various implementation phases.
  • Sanitization: No explicit validation or sanitization of spec data or user-provided feature names is mentioned before they are interpolated into shell commands.
  • [COMMAND_EXECUTION]: The skill leverages shell commands including git, gh (GitHub CLI), and bun to automate repository state management, testing, and collaboration. This execution is central to the skill's purpose but involves using externally provided strings in command templates (SKILL.md, Phase 6-9).
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 26, 2026, 01:34 AM
Security Audit — agent-trust-hub — feature