verification-before-completion
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: LOW
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [Prompt Injection] (LOW): The skill uses extremely forceful, imperative language (e.g., 'IRON LAW', 'non-negotiable', 'You cannot claim', 'Spirit over letter') to override standard agent behavior. While intended to ensure reporting accuracy, such absolute behavioral overrides are a pattern frequently observed in prompt injection attempts.
- [Command Execution] (LOW): The 'Gate Function' explicitly instructs the agent to 'IDENTIFY' and 'RUN' commands (e.g., 'Execute the FULL command'). The skill provides no list of allowed commands or sanitization logic, relying entirely on the agent to safely identify verification commands from its context.
- [Indirect Prompt Injection] (LOW): The skill mandates that the agent read and rely on potentially untrusted external data.
  1. Ingestion points: STDOUT/STDERR from 'test', 'build', and 'linter' commands, and VCS diff outputs.
  2. Boundary markers: Absent; the agent is instructed to 'READ: Full output' with no delimiters or warnings to ignore embedded instructions.
  3. Capability inventory: The agent is assumed to have subprocess execution and file system access to perform the required verification.
  4. Sanitization: Absent; there is no instruction to validate or sanitize the output before the agent processes it to confirm its status.