batch
Pass
Audited by Gen Agent Trust Hub on Jun 21, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it processes codebase content and user requirements to generate implementation plans. This vulnerability is mitigated by a mandatory human-in-the-loop approval step (Phase 3), requiring the user to review and approve the units, file lists, and test commands before agents are dispatched. Additionally, the skill includes explicit instructions to use isolated git worktrees for each task.
- [COMMAND_EXECUTION]: The skill performs local command execution using standard development tools such as
git,grep,find, andgh. These operations are restricted to the local repository context and temporary worktree directories, which is consistent with the skill's primary purpose of codebase orchestration and management. - [DATA_EXFILTRATION]: Network activity is limited to
git pushandgh pr createoperations. These operations target the project's officially configured remote repository and are used solely for creating pull requests. No unauthorized data transmission to third-party domains was detected.
Audit Metadata