skills/doodledood/manifest-dev/define/Gen Agent Trust Hub

define

Pass

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill operates as a structured prompt-based interface for planning and requirements gathering. It writes logs and manifests to the local /tmp directory and references local guidance files. It does not perform network requests, access sensitive system credentials, or implement persistence mechanisms. All logic is transparent and focused on task decomposition and quality assurance.
  • [PROMPT_INJECTION]: The skill exhibits an inherent surface for indirect prompt injection because it ingests untrusted user-provided task descriptions to generate manifests that may include executable bash verification commands. However, the skill's design explicitly mitigates this through mandatory 'Adversarial Self-Review' and 'Pre-Mortem' phases, where the agent is instructed to imagine failure modes and align the manifest with established quality gates. This structural discipline reduces the likelihood of an agent blindly adopting malicious instructions from the input.
  • [COMMAND_EXECUTION]: While the skill generates manifests that can contain bash commands for verification, it does not execute these commands itself. The commands are produced as part of a structured plan to be reviewed by the user and potentially executed by a separate implementation agent. The process requires explicit user approval of the manifest summary before completion.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 15, 2026, 09:00 PM