skills/bntvllnt/agent-skills/workflow/Gen Agent Trust Hub

workflow

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE

Categories: COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS

Full Analysis
  • [COMMAND_EXECUTION] (LOW): The skill performs shell execution of development tools and scripts (e.g., npm run build, pytest, go test) to enforce quality gates during implementation phases. These commands are dynamically determined based on the local project's configuration files.
  • [PROMPT_INJECTION] (LOW): The skill exhibits an indirect prompt injection surface as it ingests and processes content from the local codebase (via focus and review actions) and external web searches (during production-mode review). It lacks explicit boundary markers or sanitization processes to prevent malicious instructions within this data from influencing agent behavior.
      • Ingestion points: Local source code files scanned during analysis and automated reviews; Web search results for production best practices.
      • Boundary markers: Absent; no specific delimiters or 'ignore' instructions are used for ingested content.
      • Capability inventory: Shell command execution (quality-gates.md), file system modification, and updating of persistent agent configuration files.
      • Sanitization: Absent; no evidence of escaping or validating ingested content.
  • [DATA_EXFILTRATION] (LOW): The skill accesses and proposes modifications to global agent configuration files located in the user's home directory (e.g., ~/.claude/CLAUDE.md, ~/.cursorrules). While this is used to implement a 'memory' feature for agent improvement, it involves accessing sensitive configuration data outside the project directory.
  • [EXTERNAL_DOWNLOADS] (LOW): In references/testing-automation.md, the skill proposes the installation of development dependencies and test runners via standard package managers (npm, pip, etc.) if they are missing from the project environment.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 06:07 PM