development-contract-process
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to identify and execute repo-local commands, specifically a 'checker command' and 'lifecycle helper' (SKILL.md, Core workflow step 8). The provided example script (references/run-release-checklist.example.sh) further demonstrates execution of local shell scripts and build tools like cmake, ctest, and valgrind based on repository content.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it mandates that the agent treats repository-local files as the 'single source of truth' for its operational logic.
- Ingestion points: The agent is directed to search for and read 'change-contract-policy', 'feature_records', and 'check-change-contracts' within any repository it is applied to (SKILL.md, Policy discovery).
- Boundary markers: None. There are no instructions to the agent to disregard or sanitize instructions embedded within these external files.
- Capability inventory: The agent has the capability to execute shell commands, run build targets, and modify files (referenced in SKILL.md and run-release-checklist.example.sh).
- Sanitization: None. The skill does not implement validation or escaping for the data ingested from the repository policy files before using it to determine which commands to run.
Audit Metadata