ac-workflow
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill requires the execution of a bundled Node.js script (`scripts/get-context-info.js`) to parse and manage project context stored in the `.agent-context` directory. This script uses standard file system modules to read plan statuses and directory structures.
- [COMMAND_EXECUTION]: The workflow relies on external CLI utilities (`agent-context validate`, `agent-context done`) and common development tools like `git diff` to verify the state and analyze code changes.
- [SAFE]: No evidence of prompt injection, data exfiltration, or obfuscation was found. The skill includes professional development practices, such as security reminders for developers (e.g., avoiding hardcoded secrets and preventing injection attacks) in the `implement.md` protocol.
- [SAFE]: While the skill ingests untrusted data (user task descriptions and project source code), it employs a structured protocol-driven approach with mandatory validation steps and human-in-the-loop checkpoints (`AskUserQuestion`) to maintain control over the execution flow.
Audit Metadata