deep-dive
Pass
Audited by Gen Agent Trust Hub on May 10, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it ingests untrusted data from the codebase and user input to inform the interview process. It proactively mitigates this risk by instructing the agent to treat trace-derived text as data rather than instructions and requiring the use of
<trace-context>delimiters. - Ingestion points: Codebase exploration (Phase 1) and user-provided problem statements (Phase 1, 4).
- Boundary markers: Explicit use of
<trace-context>tags. - Capability inventory: File system access via
Write, sub-agent execution viaAgent, and skill handoff viaSkill(). - Sanitization: Explicit instructions to the agent to interpret injected text as quoted context only.
- [COMMAND_EXECUTION]: Orchestrates complex workflows by invoking other skills (
trace,deep-interview,omc-plan,autopilot) and potentially calling a dynamically configured MCP tool (companyContext.tool) based on local configuration files. This behavior is transparent and consistent with the skill's stated purpose as an orchestrator. - [DATA_EXPOSURE]: Accesses project-specific configuration and state files (e.g.,
settings.json,.omc/specs/) to maintain context across sessions and resolve runtime thresholds. This access is limited to the tool's own operational environment.
Audit Metadata