implement-code
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill performs several shell-based operations to manage the development workflow:
  - Executes git commands (`git status`, `git commit`) to manage project state.
  - Runs package manager CLI tools (e.g., `npm view`, `pip index`, `poetry search`, `cargo search`) to verify the existence and versions of third-party libraries.
  - Invokes automated test runners (unit, integration, and E2E) to verify acceptance criteria for generated code.
- [EXTERNAL_DOWNLOADS]: Fetches external technical documentation and usage examples using integrated platform tools (`get_code_context_exa`, `web_search_exa`, `resolve-library-id`, `query-docs`) when local library caches are missing or outdated.
- [PROMPT_INJECTION]: The skill ingests untrusted data from local plan files (`.plans/*/plan.md`) which directly influences the agent's logic, code generation, and verification steps. This represents an indirect prompt injection surface.
  - Ingestion points: `.plans/*/plan.md` (globbed and read at runtime).
  - Boundary markers: None identified; the skill treats plan content as authoritative instructions for the implementation loop.
  - Capability inventory: File system writes (source code, implementation reports), shell command execution (test suites, package managers, git).
  - Sanitization: No specific sanitization or validation of the plan's markdown content is described before the agent interprets and acts upon the instructions.
Audit Metadata