dev-checkpoint

Pass

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes PRD files to determine session progress and update status markers. In Step 2 and Step 4, the main agent and the 'checkpoint-analyzer' sub-agent ingest content from these markdown files without explicit boundary markers or instructions to ignore instructions embedded within the data. This creates a surface for indirect prompt injection.
  • Ingestion points: PRD files and existing checkpoint.md files located within the .dev/ directory of the project root.
  • Boundary markers: Absent. There are no delimiters or specific system instructions to the agents to disregard any AI instructions found within the PRD files.
  • Capability inventory: The skill has access to the Bash tool (for executing specific scripts and git commands) and the Read tool. Scripts like scripts/worktree-setup.sh perform file moves and git commits based on the feature name.
  • Sanitization: While scripts/validate.sh performs path traversal checks and slug normalization on feature names, no content-level sanitization is performed on the PRD files themselves.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 14, 2026, 06:03 AM