impl
Pass
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: SAFE
Categories flagged: COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill is susceptible to indirect prompt injection via the `Plans.md` file.
  - Ingestion points: The agent reads task descriptions and implementation requirements directly from `Plans.md` (referenced in `SKILL.md` and `implementing-features.md`).
  - Boundary markers: None identified; there are no instructions to ignore or sanitize embedded instructions within the task descriptions.
  - Capability inventory: The skill has high-privilege capabilities including `Bash` command execution and `Write` and `Edit` file operations.
  - Sanitization: There is no evidence of input validation or escaping for the content read from `Plans.md` before it influences the agent's actions.
- [Command Execution] (SAFE): The skill uses `Bash` for standard development tasks such as running tests (`npm test`), building projects (`npm run build`), and type checking (`npx tsc`). These are appropriate for its stated purpose as a coding assistant.
- [Data Exposure & Exfiltration] (SAFE): The skill identifies sensitive directories (auth, login, payment) and prompts the agent to provide security checklists. This is a defensive feature that reduces the likelihood of accidental credential exposure during implementation.
Audit Metadata