cook
Pass
Audited by Gen Agent Trust Hub on May 29, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill executes project-defined quality gates, including tests, linters, type-checkers, and build commands as part of the TDD implementation workflow.
- [COMMAND_EXECUTION]: A bundled Python utility script (
cook.pyz) is used to resolve artifact paths; this script executesgitcommands via subprocess for environment discovery (e.g., retrieving the project root and origin URL). - [PROMPT_INJECTION]: The skill processes untrusted natural language requirements from external 'spec' files and pasted requirements, creating an indirect prompt injection surface (Category 8).
- Ingestion points: SKILL.md specifies reading specs via path or slug and processing pasted text or issues.
- Boundary markers: No explicit delimiters or instructions to ignore embedded commands are specified for the ingested content.
- Capability inventory: The skill can execute shell commands for testing/building and write to the filesystem via the
cheez-writeskill. - Sanitization: No sanitization or validation of the ingested natural language instructions is mentioned.
- [EXTERNAL_DOWNLOADS]: The skill references external development tools like
gh(GitHub CLI),delta,just, andmergiraf.ghis a well-known service tool, and others are common developer utilities.
Audit Metadata