lfg
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues or malicious indicators were identified. The skill acts as an orchestrator for an autonomous engineering workflow using internal tools.
- [COMMAND_EXECUTION]: The skill sequences several engineering tools via slash commands (e.g.,
/ce:work,/ce:plan,/compound-engineering:test-browser) to automate code changes and testing. These tools are consistent with the skill's stated purpose. - [PROMPT_INJECTION]: The skill demonstrates a surface for indirect prompt injection by ingesting user-supplied feature descriptions to drive autonomous implementation.
- Ingestion points: User input via
$ARGUMENTSinSKILL.md. - Boundary markers: Absent; user input is passed directly to the planning tool.
- Capability inventory: High-privilege tools including
/ce:work(file system modification) and/compound-engineering:test-browser(testing/execution) are present in the workflow. - Sanitization: Absent; the skill relies on the underlying agent's reasoning or tool-level validation to handle untrusted input.
Audit Metadata