bootstrap
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE [PROMPT_INJECTION] [COMMAND_EXECUTION]
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by interpolating user-provided requirements into instructions that guide the behavior of various subagents (planner, researcher, developer).
  1. Ingestion points: User requirements are ingested through the $ARGUMENTS variable in the SKILL.md file.
  2. Boundary markers: Input data is wrapped in XML-style tags to delimit it from system instructions.
  3. Capability inventory: The agent possesses extensive capabilities including file system modification, shell command execution for compilation, and network access via specialized tools.
  4. Sanitization: The risk is mitigated by a phased workflow that requires explicit user approval of the technology stack and implementation plans before code execution.
- [COMMAND_EXECUTION]: The skill facilitates the execution of build and type-checking commands during the implementation and testing phases, which involve running logic derived from plans generated based on user-supplied parameters.
Audit Metadata