doubt-early
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill includes Bash commands used for health-checking the availability of well-known developer CLI tools such as claude, gemini, codex, and opencode. These checks are performed within isolated temporary directories created via mktemp.
- [DATA_EXFILTRATION]: The workflow involves sharing project artifacts and contracts with external CLI agents for review. This is the intended primary purpose of the skill and targets well-known technology services.
- [INDIRECT_PROMPT_INJECTION]: The skill is designed to ingest and act upon data returned from secondary AI models, which constitutes a potential injection surface.
- Ingestion points: Step 4 (RECONCILE) processes finding artifacts from external reviewers in SKILL.md.
- Boundary markers: The skill suggests using structured ARTIFACT and CONTRACT blocks to separate data from instructions during the review process.
- Capability inventory: The agent can execute shell commands to interact with other CLI tools.
- Sanitization: The instructions explicitly warn the agent not to interpolate artifacts into shell arguments, recommending the use of stdin or temporary files to prevent command injection.