conductor-newtrack
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill requires the agent to execute shell commands for version control, specifically 'git add' and 'git commit', to update the project's 'tracks.md' file upon creation of a new work unit as specified in 'references/track-planning.md'.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection because it incorporates external project data into its decision-making process without sanitization.
- Ingestion points: Documentation files such as 'product.md', 'tech-stack.md', and 'workflow.md' are read from the file system to initialize project context ('references/resolution-protocol.md').
- Boundary markers: The planning protocols do not define the use of clear delimiters or instructions to ignore potential instructions embedded within the ingested project files.
- Capability inventory: The skill has the capability to create directories, write multiple file types (.md, .json), and execute Git-related shell commands.
- Sanitization: There is no specified logic for sanitizing or validating the contents of the project files before they are interpreted and used by the agent to generate implementation plans.
Audit Metadata