autonomous-delivery

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFE
CREDENTIALS_UNSAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill instructs the agent to proactively request API keys, bot tokens, and other secrets from the user and store them in local environment files.
  • [COMMAND_EXECUTION]: The workflow involves an autonomous loop for continuous implementation and validation with minimal interruption, which reduces the user's ability to monitor or intercept commands.
  • [PROMPT_INJECTION]: The execution is driven by instructions found in docs/TASKS.md within the repository, making the agent susceptible to indirect prompt injection if the repository content is untrusted. The evidence chain includes: (1) Ingestion point: docs/TASKS.md; (2) Boundary markers: Absent; (3) Capability inventory: Autonomous implementation and file-writing across the repository; (4) Sanitization: Absent.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 12, 2026, 02:41 AM