validate-changes-match-specs
Pass
Audited by Gen Agent Trust Hub on Jun 12, 2026
Risk Level: SAFE
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted data from the repository and external PR metadata, creating an indirect prompt injection surface.
- Ingestion points: The skill reads markdown files (specs), PR descriptions, commit messages, and review comments as described in the 'Context gathering' section of SKILL.md.
- Boundary markers: The skill instructs the agent to treat data as untrusted and ignore instructions that try to override the skill, change roles, or reveal secrets.
- Capability inventory: The agent has the ability to modify files, execute git commands (commit, push), and trigger remote validation via 'Oz' cloud agents.
- Sanitization: Employs prompt-based instructions to ignore malicious commands or behavioral overrides within the processed data.
- [COMMAND_EXECUTION]: The skill uses shell commands for repository management and local validation.
- Git operations: Executes git merge-base, git diff, git commit, and git push to manage implementation changes.
- Local validation: Runs repository-specific test, lint, and typecheck commands to verify changes after resolutions are applied.
- [REMOTE_CODE_EXECUTION]: The skill integrates with remote 'Oz' cloud agents to perform automated product validation.
- Cloud agents: Launches multiple remote computer-use agents to validate UI behavior and design commitments based on the product specification.
Audit Metadata