dev-implement

Pass

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill ingests data from external sources like Jira tickets and implementation plans without explicit security boundaries or sanitization.
      • Ingestion points: Jira ticket descriptions and "Implementation Plan" comments (SKILL.md).
      • Boundary markers: None identified. The skill does not wrap external content in delimiters or include instructions to ignore embedded commands.
      • Capability inventory: The skill can execute shell commands, modify the file system, and dispatch subagents with the ingested data.
      • Sanitization: No explicit sanitization of Jira or plan content is mentioned before processing.
  • [COMMAND_EXECUTION]: External input is used directly in shell commands, creating a potential injection vector.
      • Evidence: The command git worktree add "$WORKTREE_PATH" -b "$BRANCH_NAME" (SKILL.md) uses branch names derived from plan names or ticket IDs. If these strings contain shell metacharacters, it could lead to arbitrary command execution.
  • [SAFE]: The skill implements security-conscious practices by requiring a quality reviewer subagent to check for hardcoded secrets or credentials (agents/quality-reviewer-agent.md).
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 9, 2026, 11:30 AM