cs-feat-qa

Pass

Audited by Gen Agent Trust Hub on Jun 30, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill's primary function is to execute shell commands found in various project files, including design documents, READMEs, Makefiles, and package scripts. This involves running unit, integration, and E2E tests, as well as API and CLI calls.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it processes untrusted data from the workspace and uses it to drive agent actions.
  • Ingestion points: The agent reads instructions and command definitions from {slug}-design.md, README, Makefile, package.json, and CI configurations.
  • Boundary markers: No explicit boundary markers or 'ignore embedded instructions' warnings are present to protect the agent from malicious content within these files.
  • Capability inventory: The agent has the capability to execute shell commands and write reports to the local file system based on the ingested data.
  • Sanitization: There is no evidence of sanitization or validation of the commands extracted from documentation before execution.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 30, 2026, 07:23 AM
Security Audit — agent-trust-hub — cs-feat-qa