iterate
Pass
Audited by Gen Agent Trust Hub on Apr 5, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Bash tool to execute validation commands like npm test, eslint, and tsc as part of its iterative quality check cycle. It also executes local repository scripts for state management and reporting.
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection (Category 8).
- Ingestion points: The agent reads local project files using Read, Glob, and Grep tools, and interpolates user-provided task descriptions directly into subagent prompt templates.
- Boundary markers: The Task tool invocation in SKILL.md lacks delimiters or safety instructions to separate untrusted user input from system instructions.
- Capability inventory: The agent has access to powerful tools including Bash for shell access, Write and Edit for file system modification, and the Task tool for spawning autonomous subagents.
- Sanitization: There is no evidence of sanitization, filtering, or validation for data read from the filesystem or provided in arguments before it is processed by the agent.
Audit Metadata