implement-with-instructions

Pass

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: SAFE
Flagged categories: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands for querying package versions (e.g., npm view, cargo info, pip index) and running automated tests to verify code changes during the implementation loop.
  • [EXTERNAL_DOWNLOADS]: Fetches external information and code context from the web using developer tools like Exa and documentation reference tools like Context7 to ensure correct implementation logic.
  • [PROMPT_INJECTION]: Identifies a surface for indirect prompt injection (Category 8) because the agent processes potentially untrusted content from external documentation or user-provided files.
  • Ingestion points: External code snippets and web search results (via Exa), as well as user-provided instructions and local file pointers.
  • Boundary markers: None explicitly defined in the skill to distinguish between instructions and data in fetched content.
  • Capability inventory: The agent possesses the capability to modify files, commit to Git, and execute shell commands for testing and dependency management.
  • Sanitization: The risk is mitigated by a mandatory human-in-the-loop precondition where the agent must derive an acceptance-criteria list and obtain explicit user confirmation before proceeding with any implementation.
Audit Metadata
Risk Level: SAFE
Analyzed: May 14, 2026, 02:54 PM
Security Audit — agent-trust-hub — implement-with-instructions