implement-direct

Pass

Audited by Gen Agent Trust Hub on Jun 14, 2026

Risk Level: SAFE
Full Analysis
  • [INDIRECT_PROMPT_INJECTION]: The skill ingests untrusted data from repository files (requirements.md, solution.md, AGENTS.md) and user-provided briefs which are subsequently used to prompt sub-agents. This creates a surface for indirect prompt injection.
  • Ingestion points: The workflow reads project documentation and user arguments to build the context for sub-agent delegation.
  • Boundary markers: The skill instructions do not explicitly mandate the use of delimiters or instruction-ignore warnings to separate ingested content from the orchestrator's instructions to sub-agents.
  • Capability inventory: Reading local files, managing task lists, spawning sub-agents, and executing validation tools.
  • Sanitization: No content sanitization or validation of the data read from external files is described before it is interpolated into prompts.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 14, 2026, 10:41 AM
Security Audit — agent-trust-hub — implement-direct