recipe-fullstack-build
Pass
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: SAFE
PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill ingests untrusted content from the filesystem to drive its orchestration logic and sub-agent prompts.
  - Ingestion points: Reads and processes markdown task files from `docs/plans/tasks/` (SKILL.md).
  - Boundary markers: Partially mitigated by appending a "Scope boundary for subagents" block to sub-agent prompts to limit the context of sub-operations (SKILL.md).
  - Capability inventory: Possesses the ability to execute `git commit`, delete files in the `docs/plans/` directory, and invoke other specialized sub-agents (SKILL.md).
  - Sanitization: The skill does not explicitly describe sanitization or validation of the content within the task files before passing them to the sub-agents.
- [COMMAND_EXECUTION]: Filesystem and Version Control Operations. The skill performs sensitive operations as part of its primary lifecycle.
  - Git Operations: The skill is instructed to execute `git commit` automatically upon receiving approval from quality-fixer sub-agents (SKILL.md).
  - File Deletion: The skill performs cleanup by deleting task files in `docs/plans/tasks/` upon completion of the workflow (SKILL.md).
Audit Metadata