implementing-tasks
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [PROMPT_INJECTION]: The skill reads and follows instructions ('LLM Prompt') and patterns from plan files in the .plans/ directory, creating a surface for indirect prompt injection.
  - Ingestion points: .plans/ task files, critical-patterns.md, and research agent outputs.
  - Boundary markers: None mentioned.
  - Capability inventory: File editing, code/test generation, test execution, and sub-agent orchestration.
  - Sanitization: No sanitization or validation is applied to instructions extracted from the task files.
- [COMMAND_EXECUTION]: The skill executes shell-based commands for metadata collection and research activities. Evidence: git diff --stat and research-breadth/depth/technical CLI calls.
- [COMMAND_EXECUTION]: The skill generates and executes code and test suites based on instructions provided in plan files. Evidence: 'write code + tests, run full suite' instructions.
Audit Metadata