swain-do
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes a vendored CLI tool (tk) and various shell utilities (git, sed, awk, find) to manage task state and project configuration. It also defines a plugin mechanism that executes external scripts found in the system PATH.
- [PROMPT_INJECTION]: The skill processes external implementation plans via ingest-plan.py. This creates an indirect prompt injection surface as these files could contain instructions designed to influence the agent's behavior during task decomposition.
  - Ingestion points: scripts/ingest-plan.py (markdown plan files), bin/tk (markdown ticket files).
  - Boundary markers: Absent. No specific delimiters or warnings are used to ignore instructions within the ingested content.
  - Capability inventory: The skill has access to Bash, Read, Write, Edit, Grep, and Glob tools.
  - Sanitization: Absent. The content of plan files is parsed and converted into ticket descriptions without filtering or escaping.