eld
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [SAFE]: Extensive analysis of the skill documentation and templates reveals no evidence of malicious code, hardcoded credentials, or unauthorized data exfiltration. The skill focuses on a structured 'Evidence-Loop' workflow for development and debugging.
- [PROMPT_INJECTION]: The skill uses operational triggers (e.g., '/eld-spec') and behavioral guidelines (e.g., 'Epistemic Humility') to manage agent tasks. No instructions were found that attempt to bypass AI safety filters or override core system directives.
- [INDIRECT_PROMPT_INJECTION]: The skill exhibits a vulnerability surface for indirect prompt injection as it processes untrusted external data (source code and user input) and has capabilities to alter the environment.
- Ingestion points: The skill ingests data from the local codebase using tools like `Grep`, `LSP`, `serena`, and `kiri`, as well as processing user-provided requirements in the 'Sense' and 'Spec' phases.
- Boundary markers: The skill employs structured Markdown templates (Issue Contract, Law/Term Cards), YAML metadata, and a JSON-based 'Claim Schema' to delineate and validate information.
- Capability inventory: Capabilities include reading files, performing symbol-based code edits (`replace_symbol_body`), and executing version control commands (`git-commit`).
- Sanitization: Mitigations include the 'Predict-Light' risk gating mechanism, 'Review Hybrid' which mandates human review for sensitive areas (security, concurrency, billing), and strict 'Grounding' requirements for automated testing (Evidence Ladder L1-L4).