agent-output-audit
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill identifies and executes shell commands discovered from the repository being audited (e.g.,
npm test,make verify). This is the intended behavior for a QA audit tool designed to verify repository state. - [SAFE]: The skill maintains an 'indirect prompt injection' surface (Category 8) because it ingests untrusted repository data and has command execution capabilities. However, this is inherent to its primary purpose as an auditor.
- Ingestion points: Project configuration files (
package.json,Makefile, etc.) and task artifacts (task_NN.md) from the audited repository. - Boundary markers: None explicitly defined for interpolating repository content into the agent's prompts.
- Capability inventory: Execution of shell commands (install, lint, build, test) and file system writes to specified output directories.
- Sanitization: The
discover-project-contract.pyscript uses regular expressions for target identification but does not perform comprehensive sanitization of the resulting command strings. - [SAFE]: The included script
scripts/discover-project-contract.pyis a utility for identifying project commands through static analysis. It does not perform network operations or access sensitive system files. - [SAFE]: The instructions emphasize an 'independent evaluator' stance, explicitly instructing the agent to disregard self-reports (such as transcript success or checkboxes) from the implementing agent and rely solely on objective evidence like fresh test results and code diffs.
Audit Metadata