Warn
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, REMOTE_CODE_EXECUTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to 'Run all commands listed in prd.json config.quality_checks' during its autonomous loop. This is a direct path to arbitrary shell command execution if the prd.json file is modified by an attacker, or if the agent itself writes unsafe commands into it during its 'discovery' phase.
- [REMOTE_CODE_EXECUTION]: The 'Pilot Mode' and 'Autonomous Loop' have the agent independently generating, implementing, and testing code. This degree of autonomy, combined with the ability to execute shell commands for quality checks, is a significant risk if the agent's task discovery process is targeted by indirect prompt injection from untrusted source code or documentation.
- [INDIRECT_PROMPT_INJECTION]: The skill processes external data to drive its behavior.
  - Ingestion points: Reads project state from prd.json, progress.md, and CLAUDE.md.
  - Boundary markers: None identified in the instructions; the agent treats the content of these files as ground truth for its state.
  - Capability inventory: The agent can perform git commits, update files, and execute arbitrary shell commands via the quality_checks configuration.
  - Sanitization: No evidence of sanitization or validation of the commands retrieved from prd.json before execution.
- [EXTERNAL_DOWNLOADS]: The documentation references external resources such as the Ralph Wiggum GitHub repository and a methodology blog post. These are documented as informational origins for the skill's logic, not as artifacts the skill downloads or executes.
Audit Metadata