spec-start
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the 'ls' command for a basic filesystem check to ensure the project has been initialized.
- [PROMPT_INJECTION]: The multi-agent architecture introduces an indirect prompt injection surface through the passing of reports and plans between agents.
  1. Ingestion points: Agents ingest 'exploration-report.md' and 'plan.md' produced by other roles.
  2. Boundary markers: There are no explicit instructions or delimiters to isolate untrusted data in the role prompts.
  3. Capability inventory: The agents can create teams and invoke other development skills.
  4. Sanitization: No content validation or sanitization is specified for the inter-agent communication flow.