Skills
skills/djalmajr/essential-skills/agile-post-impl/Gen Agent Trust Hub

agile-post-impl

Pass

Audited by Gen Agent Trust Hub on Apr 12, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill is instructed to execute local shell commands to verify the state of a delivery. Specific commands include bun run lint, bun run typecheck, tsc --noEmit, and bun test. These are standard tools in a JavaScript/TypeScript development environment and are used here for their intended purpose of project verification.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted data from external files.
  • Ingestion points: Reads content from project plans, stories, or epics stored on the filesystem (e.g., in .agents/plans/ or planning/ directories).
  • Boundary markers: The instructions do not specify the use of delimiters or warnings to ignore instructions embedded within the processed files.
  • Capability inventory: The skill has the capability to execute shell commands (via bun and tsc) and write files to the local filesystem.
  • Sanitization: There is no evidence of sanitization or validation of the content read from the external files before it is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 12, 2026, 10:10 PM