iterate
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface where external task descriptions are passed to subagents.
  - Ingestion points: The task argument in SKILL.md.
  - Boundary markers: The subagent prompts do not use delimiters or instructions to ignore instructions embedded within the task.
  - Capability inventory: Spawns general-purpose background agents and executes shell commands (git, kill).
  - Sanitization: User-provided task descriptions are interpolated directly into agent prompts without escaping or validation.
- [COMMAND_EXECUTION]: The skill uses local shell commands for environment management and cleanup.
  - Evidence: Executes git worktree commands for isolation and lsof/kill to terminate dev servers on specific ports during cleanup.
Audit Metadata