workflow
Pass
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements a legitimate development workflow designed to improve code quality and production readiness through structured planning and validation.
- [COMMAND_EXECUTION]: The skill executes shell commands for linting, building, and testing by auto-detecting the project's technology stack (e.g., npm, pytest, go test). These operations are core to the 'ship' and 'done' actions and are performed on the user's local codebase.
- [DATA_EXPOSURE]: Includes security-focused review perspectives and quality gates that scan for hardcoded secrets and insecure environment variable management to protect the project.
- [INDIRECT_PROMPT_INJECTION]: The skill reads external data (user ideas and codebase files), which could theoretically contain adversarial instructions. However, the skill mitigates this through a structured 'spec-first' approach that enforces strict mapping between acceptance criteria and implementation scope.
- [PERSISTENCE]: Implements a 'memory-update' protocol that allows the agent to suggest persistent updates to configuration files (e.g., CLAUDE.md, .cursorrules) based on session learnings. This is a documented feature for workflow optimization and explicitly requires the user to review and approve every change before it is written to disk.