iterative-development
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The instructions contain strong imperative language (e.g., 'VERY IMPORTANT!', 'Follow the above steps EXACTLY!!!') to ensure the agent adheres to an iterative workflow. These are operational constraints for process integrity rather than attempts to bypass security filters or override system-level safety instructions.
- [INDIRECT_PROMPT_INJECTION]: The skill processes task definitions from
.ai/[feature]/tasks.md. Although reading content from project files creates an attack surface for indirect prompt injection, the skill's core logic mitigates this by requiring explicit user confirmation ('Ready for the next sub-task?') before executing any subsequent task. - Ingestion points: .ai/[feature]/tasks.md
- Boundary markers: None explicitly defined
- Capability inventory: Local file writes and execution of repository-defined linting and testing commands
- Sanitization: None; the workflow relies on a human reviewer for each step
Audit Metadata