Skills
skills/howells/arc/implement/Gen Agent Trust Hub

implement

Pass

Audited by Gen Agent Trust Hub on Apr 28, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill performs extensive shell command execution for managing git worktrees, running test suites, linting code, and interacting with the GitHub CLI (gh). It also executes a project-local script ${ARC_ROOT}/scripts/cleanup-orphaned-agents.sh for process management.
  • [EXTERNAL_DOWNLOADS]: Executes package managers (pnpm, npm, yarn) to install project dependencies from external registries.
  • [PROMPT_INJECTION]: The skill demonstrates an indirect prompt injection surface as it processes external documentation and configuration to drive agent behavior.
  • Ingestion points: Reads implementation plans (docs/arc/plans/), design documents, package.json, and .ruler/ coding rules.
  • Boundary markers: None identified for delimiting ingested content during task execution.
  • Capability inventory: Full shell execution, git/gh CLI usage, and the ability to spawn specialized build agents.
  • Sanitization: No input validation or escaping mechanisms are described for the ingested data before it influences agent operations.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 28, 2026, 09:41 AM