eng-verification

Pass

Audited by Gen Agent Trust Hub on Jun 24, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill creates an attack surface for indirect prompt injection by directing the agent to identify and execute verification commands from its context. A malicious actor could provide a task description or code comment containing a destructive command disguised as a 'verification test' which the agent might then execute.
  • Ingestion points: VCS diffs, agent reports, and task-specific context (SKILL.md).
  • Boundary markers: None present.
  • Capability inventory: Full shell command execution for testing, linting, and building (SKILL.md).
  • Sanitization: None present.
  • [COMMAND_EXECUTION]: The core logic of the skill mandates the execution of arbitrary shell commands (Gate Function, Step 2). The skill does not provide its own scripts but leverages the agent's ability to run system commands to produce 'fresh verification evidence'.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 24, 2026, 07:29 AM
Security Audit — agent-trust-hub — eng-verification