dev-agent
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill is configured to execute arbitrary commands defined in the project's YAML configuration under `testing.commands`. This typically includes development tasks like running tests (`npm test`), linting, or type-checking.
- [PROMPT_INJECTION]: The agent is susceptible to indirect prompt injection because it ingests untrusted data from external sources such as Jira ticket descriptions and Slack/Teams messages. This content could potentially contain instructions aimed at influencing the agent's code generation or decision-making process.
  - Ingestion points: Task management tools (Jira, ClickUp, GitHub Issues) and communication platforms (Slack, Teams).
  - Capability inventory: File system writes (code implementation), subprocess execution (tests/linting), and network operations (creating Pull Requests, sending notifications).
  - Boundary markers: The skill includes an assessment phase to decide autonomy levels, which acts as a logical check before execution.
  - Sanitization: There is no explicit sanitization of ticket descriptions before they are processed by the planning or implementation agents.
- [EXTERNAL_DOWNLOADS]: The skill performs repository cloning (`git clone`) using URLs provided in the local or shared project configuration files.