implement
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFECOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The orchestrator executes a local Python script (
validate_no_placeholders.py) via theuvtool to gate-check phase content for skeleton or placeholder text before implementation. - [REMOTE_CODE_EXECUTION]: The skill spawns sub-agents for building, validation, and auditing using the
Tasktool withmode: "bypassPermissions". These agents are granted the necessary permissions to implement code, manage git worktrees, and run tests. - [PROMPT_INJECTION]: The skill processes user-provided plan and phase files, which introduces an indirect prompt injection surface.
- Ingestion points: $ARGUMENTS/plan.md and phase-*.md files (SKILL.md).
- Boundary markers: No delimiters or explicit warnings are used when interpolating phase content into builder prompts.
- Capability inventory: Sub-agents have extensive capabilities including file system modification, git operations, and shell command execution (team-operations.md).
- Sanitization: No explicit sanitization or filtering of external plan content is performed before processing.
Audit Metadata