dev
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it reads and processes data from codebase files which could contain malicious instructions.
  * Ingestion points: The agent is instructed to read referenced files, globs for related files, and reference implementation files in SKILL.md.
  * Boundary markers: There are no explicit delimiters or instructions to ignore embedded prompts within the files being read.
  * Capability inventory: The agent has the ability to execute shell commands (pnpm, git) and modify files (Write/Edit tools) based on its interpretation of project patterns.
  * Sanitization: There is no sanitization or filtering of the content read from the files before it influences the agent's logic.
- [COMMAND_EXECUTION]: The skill requires the use of shell commands to perform essential verification steps.
  * Evidence: SKILL.md explicitly instructs the agent to run `pnpm test`, `pnpm run typecheck`, and `git diff --name-only`.
- [DATA_EXFILTRATION]: The skill accesses sensitive project metadata and internal logic files.
  * Evidence: The workflow requires reading database schema migrations (`supabase/migrations/*.sql`) and server-side service logic as part of its 'Step 3' and 'Step 4' implementation logic.
Audit Metadata