implementing
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands including `git branch --show-current` and project-specific verification tools such as `make format` or folder-specific `Makefile` targets. It also runs local Python scripts via hooks (`plan_checkbox_reminder.py`, `plan_checkbox_stop.py`) located in the vendor's plugin root directory.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) because it ingests and acts upon instructions from untrusted technical plans and source code.
- Ingestion points: Technical plan files (Markdown/YAML) and codebase files read during the implementation process.
- Boundary markers: Absent; the agent lacks explicit delimiters or instructions to disregard embedded commands within the processed data.
- Capability inventory: The skill possesses the ability to write and edit files, perform git operations, and execute shell commands via build tools (make).
- Sanitization: Absent; the skill does not implement validation or filtering for the content of the plans or files it processes before execution or interpolation.