dev-lifecycle
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes various system and development commands to manage the project lifecycle.
  - Runs `scripts/check-status.sh` to infer the current project phase by checking for the existence of documentation and counting tasks in planning files.
  - Uses `git` commands (e.g., `git worktree`, `git branch`, `git -C`) to create isolated development environments and verify branch state.
  - Instructs the agent to use project-specific dependency managers like `npm`, `pnpm`, `uv`, `poetry`, and `cargo` to bootstrap the environment.
- [EXTERNAL_DOWNLOADS]: The skill relies on the `npx` command to fetch and execute the `ai-devkit` package from the npm registry.
  - Executes `npx ai-devkit@latest lint` and `npx ai-devkit@latest init` to validate and set up project documentation structures.
  - Uses `npx ai-devkit@latest memory` to store and retrieve contextual information during the design and requirements phases.
- [REMOTE_CODE_EXECUTION]: The use of `npx ai-devkit@latest` involves downloading and executing the latest version of an external package from a public registry at runtime.
- [PROMPT_INJECTION]: The skill processes untrusted project data (such as user-provided requirements and design documents) to guide the agent's actions. It manages this by using specific reference files for each phase and maintaining a structured documentation convention (`docs/ai/`).
Audit Metadata