pre-mortem
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill processes untrusted external data by reading implementation plans and specifications. 1. Ingestion points: .agents/plans/, .agents/specs/, PRODUCT.md, and ao search results. 2. Boundary markers: No explicit delimiters or instructions to ignore embedded prompts are applied to the ingested content before passing it to the council tool. 3. Capability inventory: Subprocess execution of the /council and ao tools, and file write operations to .agents/council/. 4. Sanitization: None observed; however, this risk is intrinsic to the skill's primary purpose of analyzing provided specifications and is managed by the downstream council agents.
- [Data Exposure] (SAFE): Access is limited to project-specific directories and documentation. No sensitive system files or credentials are targeted.
- [Command Execution] (SAFE): Subprocess calls are limited to established internal tools and standard shell utilities for file discovery and reporting. The validation script uses bash for structural integrity checks during development.
Audit Metadata