delivering-mvp-fleet

Pass

Audited by Gen Agent Trust Hub on Jul 7, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill implements a legitimate multi-agent orchestration workflow. It manages project state through a local file system and structured documentation.
  • [COMMAND_EXECUTION]: The bundled script scripts/flow.py is a utility for managing a task board in JSON format. It performs standard file operations (reading/writing board.json) and graph validation (dependency checks, cycle detection). The script does not utilize network resources or execute arbitrary external commands.
  • [PROMPT_INJECTION]: The skill exposes a surface area for indirect prompt injection, as it ingests and processes untrusted user data into agent mandates.
  • Ingestion points: SKILL.md (Phase 0: 'vague idea', Phase 4: 'user reports a bug').
  • Boundary markers: The mandate template in references/worker-protocol.md provides structural organization but lacks explicit delimiters (such as XML tags or dedicated 'ignore instructions' warnings) to isolate untrusted user input within the worker's context.
  • Capability inventory: scripts/flow.py (file system writes). The orchestrator agent is designed to manage and spawn other agents/workers.
  • Sanitization: The instructions do not specify sanitization or validation of user-provided product ideas or bug reports before they are interpolated into mandates.
  • Note: This reflects the inherent risk model of orchestration skills. The framework attempts to mitigate this through 'Honesty invariants' and alignment benchmarks called 'golden case cards'.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 7, 2026, 12:30 PM
Security Audit — agent-trust-hub — delivering-mvp-fleet