development-lifecycle
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes various shell commands to manage the development environment, including git operations (
gh pr,git push), build tools (bun run), container management (docker logs), and test runners (vitest). It also references local scripts such asmux-worktree.shandlifecycle-stop.shfor workspace isolation and gate enforcement.\n- [EXTERNAL_DOWNLOADS]: The instructions recommend installing the@openai/codexpackage viabun. OpenAI is a well-known service and the download targets a recognized organizational scope.\n- [REMOTE_CODE_EXECUTION]: The skill employs a multi-agent architecture, spawning 'background agents', 'parallel research agents', and specialized subagents (e.g.,self-reviewer,adversarial-reviewer,verifier) to perform tasks across different execution contexts.\n- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests and processes untrusted data from external sources during its triage and review phases.\n - Ingestion points: GitHub issue comments and pull request feedback are fetched using the
ghCLI tool (REFERENCE.md) and processed by the agent to guide implementation or iteration.\n - Boundary markers: There are no explicit boundary markers or instructions to ignore embedded commands within the processed external data in SKILL.md or REFERENCE.md.\n
- Capability inventory: The skill possesses significant capabilities, including shell command execution (
bun,vitest,docker), browser interaction, and the ability to spawn further agent instances as defined in SKILL.md and REFERENCE.md.\n - Sanitization: No specific sanitization, filtering, or validation logic is described for the content retrieved from external sources before it is interpreted by the agent.
Audit Metadata