validate-delivery
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill executes arbitrary shell commands defined in local project configuration files to validate the build and test status.
  - Evidence: The bash snippets in 'Check 2' and 'Check 3' execute `npm test`, `npm run build`, `pytest`, `cargo test`, and `go test` based on the existence of project manifest files like `package.json` or `Cargo.toml`.
  - Context: While this is the primary purpose of a 'validate-delivery' skill, it means the agent will execute any code defined in the target repository's test or build scripts.
- [PROMPT_INJECTION] (LOW): The skill contains an indirect prompt injection surface by parsing external task descriptions into instructions without sanitization.
  - Ingestion points: The `extractRequirements` function parses `task.description` for bulleted and numbered lists (SKILL.md, Check 4).
  - Boundary markers: Absent. There are no delimiters or instructions to ignore embedded commands within the extracted requirements.
  - Capability inventory: The skill has the capability to execute shell commands (`npm`, `pytest`, etc.) and modify workflow state via `workflowState.completePhase`.
  - Sanitization: Absent. Requirements are extracted via regex and passed directly to a verification function.
- [DATA_EXFILTRATION] (SAFE): No hardcoded credentials, sensitive file access (beyond project manifests), or unauthorized network requests were detected.
Audit Metadata