dev
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from the repository being worked on.
- Ingestion points: Files read in Step 1 (Understaning the Task), Step 3 (Reference Implementation globbing), and Step 4 (Reading files before editing).
- Boundary markers: Absent. The instructions do not define delimiters to separate file content from the agent's instructions.
- Capability inventory: Execution of shell commands via
pnpm, file modification viaWrite/Edittools, and the ability to invoke other domain-specific skills. - Sanitization: Absent. The skill processes the content of read files directly without validation or filtering.
- [COMMAND_EXECUTION]: The skill executes shell commands as part of its verification loop.
- Evidence: In Step 5, the skill runs
pnpm testandpnpm run typecheckto verify code changes. In Step 6, it runsgit diffto confirm the scope of modifications. These are standard operations for a development skill.
Audit Metadata