sprint-forge
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Bash tool to execute standard development commands such as npm test, pytest, npm run lint, and grep. These are used for project-specific tasks like running test suites, verifying type safety, and scanning for secrets or debug artifacts.
- [INDIRECT_PROMPT_INJECTION]: The skill demonstrates an indirect prompt injection attack surface by ingesting and processing untrusted data (external codebases).
  - Ingestion points: In assets/modes/INIT.md, the agent performs a 'Deep Analysis' of the codebase using the Glob, Grep, and Read tools.
  - Boundary markers: The generated findings and sprint templates do not implement specific delimiters or instructions to ignore malicious content embedded within the analyzed code.
  - Capability inventory: The agent is granted Bash, Edit, Write, and Task capabilities, which are used to modify the codebase and execute commands based on the generated plan.
  - Sanitization: There is no evidence of automated sanitization or escaping of code content before it is summarized into findings or tasks.
Audit Metadata