skill-implementer
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns detected. The skill performs routine project management tasks.
- [COMMAND_EXECUTION]: The skill uses the Bash tool to interact with the file system, update JSON state using jq, and manage version control via git. It includes validation steps to ensure task existence before proceeding.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it reads task descriptions from state.json and interpolates them into the prompt for the general-implementation-agent subagent.
- Ingestion points: Reads task metadata from specs/state.json (Stage 1) and subagent results from .return-meta.json (Stage 6).
- Boundary markers: Absent.
- Capability inventory: Uses Bash (git, rm, jq), Write, Edit, and Task tools.
- Sanitization: Uses jq for basic JSON validation and variable mapping.
Audit Metadata