verification-before-completion
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (LOW): The skill employs extremely authoritative and coercive language (e.g., "The Iron Law", "If you lie, you'll be replaced") to override standard agent decision-making. This behavioral steering is intended for quality control but mirrors techniques used in prompt injection to prioritize specific instructions over system constraints.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill identifies a workflow that ingests potentially untrusted data.
  - Ingestion points: Processes "Agent reports success" and "VCS diffs" as inputs for determining state.
  - Boundary markers: No specific delimiters or "ignore embedded instructions" warnings are provided for these inputs.
  - Capability inventory: The skill encourages executing arbitrary "verification commands" (tests, builds, linters) based on the state of the ingested data.
  - Sanitization: No sanitization or validation logic is defined for the external agent reports or code changes before they influence command execution.
- [COMMAND_EXECUTION] (SAFE): The skill references executing shell commands like `npm test` or `build`. However, these are generic placeholders for the agent's task-specific environment and are not hardcoded malicious payloads.