sprint-protocol
Pass
Audited by Gen Agent Trust Hub on Apr 25, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill processes external, user-provided documents such as research packets and system designs to generate implementation stories. This ingestion of untrusted data creates an indirect prompt injection surface. However, the protocol mitigates this risk through a mandatory human-in-the-loop review phase (Phase 3) and the use of strictly defined story templates that scope the worker agents' tasks.
- [COMMAND_EXECUTION]: The protocol involves the execution of local shell commands for version control (git), testing (unit/integration suites), and browser-based verification. It also includes instructions for running a local recovery script (sprint-doctor.mjs) to rebuild the agent's task state from file artifacts in the event of context compaction.
Audit Metadata