skills/lalulali/vespyr/develop/Gen Agent Trust Hub

develop

Pass

Audited by Gen Agent Trust Hub on Jun 24, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill manages development environments using Git operations, specifically git worktree for parallel tasks and git merge for feature integration.
  • [COMMAND_EXECUTION]: Automated validation is performed by executing project-defined scripts through npm test and npm run lint.
  • [COMMAND_EXECUTION]: State tracking and lifecycle management are handled by running a local project automation script via node .agents/scripts/orchestrator_state.js.
  • [PROMPT_INJECTION]: The skill processes user stories and product specifications (artifacts/output/02-strategy/product-spec.md). This constitutes an indirect prompt injection surface where instructions embedded in specs could influence implementation; however, this is the core intended purpose of the skill.
  • Ingestion points: artifacts/output/02-strategy/product-spec.md, requirements.md, user-stories.md.
  • Boundary markers: No explicit delimiters are specified to isolate document content from implementation instructions.
  • Capability inventory: Subprocess execution (git, npm, node) and file system manipulation across project and worktree paths.
  • Sanitization: The skill relies on the integrity of artifacts produced in earlier workflow phases.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 24, 2026, 02:26 AM