create-epics
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill's functionality is consistent with its stated purpose of managing project documentation and does not exhibit malicious patterns or unauthorized access to sensitive system areas.\n- [COMMAND_EXECUTION]: The skill uses the 'Grep' tool to search local design documents and the 'Task' tool to initiate a structural review process using a secondary agent.\n
- Evidence: Grep is used to scan 'design/gdd/*.md' for system summaries to determine processing scope.\n
- Evidence: The 'Task' tool is invoked to run a 'producer' agent gate (PR-EPIC) for architectural validation.\n- [PROMPT_INJECTION]: The skill processes external markdown files (GDDs) to extract requirements, which represents a potential surface for indirect prompt injection. However, the risk is handled via structured workflows and human-in-the-loop confirmation.\n
- Ingestion points: Reads system design documents from 'design/gdd/*.md' and architecture manifests from 'docs/architecture/'.\n
- Boundary markers: The skill does not use specific delimiters or instructions to isolate the content of the GDDs from the agent's core instructions.\n
- Capability inventory: The skill possesses 'Write' access to the project directory and the 'Task' capability for agent orchestration.\n
- Sanitization: No automated sanitization of the markdown content is performed; however, all generated epic definitions are presented to the user for manual approval before the 'Write' tool is executed.
Audit Metadata