implement-incremental
Pass
Audited by Gen Agent Trust Hub on Jun 14, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill performs Git operations (branching, committing, and PR creation) and file system modifications (updating plan manifests and phase files). These actions are aligned with its stated purpose as a development orchestrator and require user confirmation at key steps, such as phase boundaries and final completion.
- [INDIRECT_PROMPT_INJECTION]: The orchestrator ingests data from external files which could potentially contain instructions aimed at subagents. This represents a known attack surface for multi-agent workflows.
- Ingestion points: The skill reads implementation plans from
plan/README.md, task definitions fromplan/phase-N.md, and project rules fromCONSTITUTION.md. - Boundary markers: The skill uses YAML frontmatter and markdown structural headers to delimit metadata from task instructions, which helps maintain context for subagents.
- Capability inventory: The orchestrator has the capability to spawn subagents via the platform's agent tools and modify files across the repository using file-writing tools.
- Sanitization: The skill mitigates risks by implementing mandatory human-in-the-loop confirmation gates at every phase boundary, allowing users to review all agent outputs and detected drift before the workflow proceeds.
Audit Metadata