dev
Pass
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: SAFE
COMMAND_EXECUTION
PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill performs autonomous execution of tasks during 'Stage 4: Build' after the initial plan is approved. This involves multiple tool calls including file modifications and shell commands via the Bash tool without further user intervention.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection from codebase content.
  - Ingestion points: Stage 1 (Research) reads file contents, git history, and project manifests.
  - Boundary markers: No explicit delimiters or 'ignore embedded instruction' markers are used when processing this external data.
  - Capability inventory: The skill has high-privilege tool access including Bash, Write, and Agent.
  - Sanitization: There is no evidence of sanitization or validation for retrieved codebase content before it influences planning and execution.
- [COMMAND_EXECUTION]: The skill utilizes the Agent tool to spawn subagents (researcher, critic, validator) for specialized tasks, granting them significant autonomy within the defined workflow phases.
Audit Metadata