ai-dev-workflow
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute standard software development and verification commands.
- Evidence: Instructions include running
npx tsc --noEmit,npx jest, andnpx cucumber-jsto validate implementation against specifications. - Context: These operations are restricted to the local development environment and are essential for the skill's primary purpose of behavior-driven development and automated testing.
- [PROMPT_INJECTION]: The workflow incorporates an indirect ingestion surface by reading external project documentation files (
SPEC.md,AGENTS.md, and.featurefiles). - Ingestion points: Project specification files and Gherkin feature definitions located in the repository.
- Boundary markers: The skill uses a structured 'Phase' approach to separate understanding, planning, and implementation steps, though it does not define explicit delimiters for content within the specification files.
- Capability inventory: The agent possesses the capability to execute shell commands and modify source code based on the instructions found in the ingested files.
- Sanitization: The workflow relies on the agent's interpretation and user review of the generated plans and code modifications.
Audit Metadata