implement
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes tool hooks (PreToolUse, PostToolUse, and Stop) to execute internal Node.js scripts that log activity and generate execution flow diagrams.
- [COMMAND_EXECUTION]: Includes a Bash script (
create-branch.sh) to manage git worktrees which also attempts to run a repository-specific setup script (uptodate.sh) if it exists in the target project. - [EXTERNAL_DOWNLOADS]: Interacts with well-known technology platforms including JIRA, Confluence, GitHub, and Figma via sub-skills to retrieve requirements, documentation, and design specifications.
- [PROMPT_INJECTION]: The skill is subject to an indirect prompt injection surface as it ingests and processes untrusted data from external JIRA tickets and documentation.
- [PROMPT_INJECTION]: Mandatory Evidence Chain: (1) Ingestion points: Data enters the agent context through
phase2-jira-analyzer.md(JIRA API) andphase3.2-resource-scanning.md(Confluence and GitHub). (2) Boundary markers: State is isolated using structured XML tags (e.g.,<task>) and unique local directories for ticket assets. (3) Capability inventory: The skill maintains access to file modification (Edit/Write) and shell command execution (Bash) tools during its implementation phase. (4) Sanitization: Mitigation relies on structural guardrails, including an isolated implementation planning phase (phase5-implementation-planning.md) and a final user review checkpoint before any changes are finalized.
Audit Metadata