Skills
skills/ab300819/skills/devdocs-dev-tasks/Gen Agent Trust Hub

devdocs-dev-tasks

Pass

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill's functionality is consistent with its stated purpose of project planning and task management. No malicious patterns, obfuscation, or safety bypasses were found.
  • [COMMAND_EXECUTION]: The skill is authorized to use the Bash tool for operational tasks. Analysis of the instructions shows these commands are intended for local development orchestration and does not reveal any patterns of dangerous command construction or remote execution.
  • [PROMPT_INJECTION]: The skill ingests untrusted data from requirements and design documents, which is a surface for indirect prompt injection. This is noted as a risk factor inherent to the skill's primary function.
  • Ingestion points: Files located at docs/devdocs/01-requirements.md, 02-system-design.md, and 03-test-cases.md.
  • Boundary markers: The skill does not define specific delimiters to separate external document content from its internal instructions.
  • Capability inventory: The skill uses Bash, Read, Write, Glob, Grep, and TodoWrite tools.
  • Sanitization: There is no evidence of sanitization or validation logic applied to the content retrieved from external documents.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 13, 2026, 03:05 AM