ce-work
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements a standard software engineering workflow with clear phases for planning, execution, and quality control. It relies on platform-native tools and other trusted skills for committing code and reviewing changes.\n- [COMMAND_EXECUTION]: The skill uses shell commands for routine git operations such as branch management, merging, and creating worktrees. These operations are restricted to the local repository context and are necessary for the skill's primary purpose.\n- [PROMPT_INJECTION]: The skill processes external input from plan documents and repository files (Indirect Prompt Injection surface). \n
- Ingestion points: $ARGUMENTS in SKILL.md and repository files read during the task execution loop in Phase 2.\n
- Boundary markers: Input is wrapped in <input_document> tags in SKILL.md.\n
- Capability inventory: The skill has permissions to write files, execute git commands, and interact with external APIs (PRs and trackers).\n
- Sanitization: The workflow requires an initial clarification phase (Phase 1) and a mandatory code review gate (Phase 3) before shipping changes, mitigating the risk of executing malicious instructions embedded in input data.\n- [DATA_EXFILTRATION]: The skill interacts with remote repositories and project trackers (Linear, Jira, GitHub). While this involves sending data (code review findings and implementation details) externally, these actions are transparently documented as core features of the shipping and tracking workflow.
Audit Metadata