omakase-off

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (SAFE): The skill uses standard Git commands (git worktree add, git branch -D, git worktree remove) to manage isolated development environments for different code variants. These are standard operations for the intended development use-case.
  • [REMOTE_CODE_EXECUTION] (SAFE): The skill orchestrates the creation and execution of code and scenario tests through sub-agents. While this involves code execution, it is performed locally on generated code as part of the primary development purpose, with no evidence of fetching or executing untrusted remote scripts.
  • [INDIRECT_PROMPT_INJECTION] (LOW): The skill acts as a high-level orchestrator that passes user-provided requirements to sub-agents, creating a vulnerability surface for indirect injection.
    • Ingestion points: User input in Phase 0 ("build X", "create Y") and Phase 1 (brainstorming responses) is used to define the scope and implementation plans.
    • Boundary markers: The workflow does not explicitly mention the use of delimiters or 'ignore embedded instructions' warnings when passing these requirements to the writing-plans or parallel-agents skills.
    • Capability inventory: The system has significant capabilities, including file writing, shell command execution via Git, and agent dispatching.
    • Sanitization: There is no evidence of sanitization or validation for user-provided strings like <feature> or <slug>, which are used in file paths and branch names.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 06:37 PM