caffeine
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE
Full Analysis
- Indirect Prompt Injection (SAFE): The skill processes plan artifacts from the filesystem to drive its execution loop, which is a standard surface for coding agents.
  - Ingestion points: .caffeine/plans//plan.md (referenced in SKILL.md).
  - Boundary markers: Absent; the agent is instructed to treat the file content as canonical.
  - Capability inventory: Includes execute, draft, test, and review commands via the caffeine MCP tool.
  - Sanitization: No explicit sanitization or validation steps are defined within the prompt instructions.
- Dynamic Execution (SAFE): The skill is designed for autonomous code implementation and testing. This high-autonomy behavior is the intended primary purpose of the skill and is logically restricted to the provided MCP tool contract.
Audit Metadata