engineer-work

Pass

Audited by Gen Agent Trust Hub on Feb 24, 2026

Risk Level: SAFE (flagged: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection by design as it executes tasks defined in external implementation plans.
      • Ingestion points: Loads plan files from the path specified in $ARGUMENTS or from the docs/plans/ directory.
      • Boundary markers: No specific delimiters or safety instructions are used to distinguish plan tasks from potential malicious injections within the files.
      • Capability inventory: The skill utilizes Bash, Write, Edit, and the gh CLI to implement and commit code.
      • Sanitization: No sanitization or validation of the plan content is performed before the agent acts on the instructions.
  • [COMMAND_EXECUTION]: Executes shell commands to manage the software development lifecycle.
      • Evidence: Utilizes git for branch creation and commits, npx tsc for type checking, and gh pr create for repository interaction.
  • [EXTERNAL_DOWNLOADS]: Interacts with well-known registries to execute development utilities.
      • Evidence: Executes npx and npm run commands, which may fetch packages from the official NPM registry during quality checks.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 24, 2026, 02:36 AM