spike
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes environment-defined verification commands such as
make format lint,cargo clippy, ornpm run lintduring the validation phase to ensure code quality. - [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it ingests and implements logic based on the content of existing project files and user-provided descriptions. 1. Ingestion points: Reads all relevant project files during the 'Prepare' phase. 2. Boundary markers: No delimiters or explicit instructions to ignore embedded commands are present in the prompt templates. 3. Capability inventory: The skill can modify local files, manage git branches, and execute shell commands. 4. Sanitization: No sanitization or validation of the ingested code or approach descriptions is performed before the agent implements the logic.
Audit Metadata