impl
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it reads task definitions and state configurations from the local filesystem to populate sub-agent prompts. This ingestion is essential for its primary function as a task coordinator.
  - Ingestion points: Reads `state.json` and task markdown files in the `{output_dir}/{feature_name}/tasks/` directory.
  - Boundary markers: The instructions do not explicitly mandate delimiters or 'ignore' instructions when passing file content to sub-agents.
  - Capability inventory: The skill uses the `Agent` tool to dispatch sub-agents capable of file modification, shell command execution (for testing), and Git operations.
  - Sanitization: No explicit sanitization of the file-based input is performed before interpolation into prompts.
- [COMMAND_EXECUTION]: The workflow involves running test suites and performing Git commits. These actions are legitimate and necessary for the Test-Driven Development (TDD) process the skill is designed to facilitate.
- [DATA_EXFILTRATION]: The skill's file operations are localized to project directories and temporary paths. Analysis found no evidence of network exfiltration, access to sensitive credentials, or unauthorized data transmission.
Audit Metadata