work
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFE, COMMAND_EXECUTION
Full Analysis
- [SAFE]: No malicious patterns, such as data exfiltration, persistence mechanisms, or credential theft, were detected within the skill's instructions or scripts. A hardcoded absolute path containing a local username was identified in the lint script, but this is a configuration detail and does not pose a security risk.
- [COMMAND_EXECUTION]: The skill relies on several CLI tools (lev, tracker, cm, cass, jq) and executes local shell scripts (lint-work-contract.sh, test-integration.sh) to perform its intended lifecycle management functions. This behavior is consistent with the skill's role as a workflow router.
- [PROMPT_INJECTION]: The skill defines a surface for processing external research data, which creates an entry point for indirect prompt injection. However, the skill provides structural mitigations through a deterministic FSM, mandatory validation gates, and the use of hard-coded templates for all durable artifacts.
  - Ingestion points: Untrusted data enters the agent context during the 'DISCOVER' and 'RESEARCH' phases via data-gathering tools such as lev get and lev-research.
  - Boundary markers: The skill enforces the use of structured PM artifacts (reports, proposals, specs) and specific templates stored in .lev/pm/ to isolate and define context.
  - Capability inventory: The skill possesses capabilities for filesystem writes, CLI tool execution, and the spawning of ephemeral subagents.
  - Sanitization: No explicit content-level sanitization (e.g., escaping or filtering) is documented, although the 'Guard' scoring system and 'Validation Gates' provide high-level structural checks on output relevance and completeness.
Audit Metadata