skills/ex3ndr/skills/sprint/Gen Agent Trust Hub

sprint

Pass

Audited by Gen Agent Trust Hub on Mar 25, 2026

Risk Level: SAFE
COMMAND_EXECUTION
PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes shell commands including git, grep, and find for project state analysis. It also provides the agent with the authority to implement changes and run arbitrary test suites as part of the task execution phase.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted data from the project's local environment and processes it without security boundaries.
    • Ingestion points: Phase 1 instructions direct the agent to read README.md, package.json, docs/plans/, and output from grep operations on source code comments.
    • Boundary markers: Absent; the skill does not employ XML tags or explicit 'ignore embedded instructions' delimiters when incorporating project file content into the prompt context.
    • Capability inventory: High; the agent is empowered to modify the file system and execute shell commands during Phase 4a (Execute).
    • Sanitization: Absent; data retrieved from the codebase is used directly to inform the agent's planning and execution logic without validation or escaping.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 25, 2026, 04:49 AM