showdown
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes several shell commands to manage development environments, including 'git worktree add', 'git worktree remove', 'git branch -D', and 'diff -r'. These commands are used for their intended purpose within the branch-based parallel development workflow.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes external design documentation to generate executable code and implementation plans.
  - Ingestion points: The skill reads from 'docs/plans//design.md' as the source of truth for all runners (Phase 1, Phase 2).
  - Boundary markers: No explicit delimiters or instructions are provided to the LLM to ignore potentially malicious instructions embedded within the design documents.
  - Capability inventory: The environment includes capabilities for writing files ('mcp__speed-run__generate_and_write_files') and executing shell commands (via git and testing tools).
  - Sanitization: The skill does not describe any sanitization, filtering, or validation steps for the content of the design document before it is processed by the runners.
Audit Metadata