fullstack-implementation
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection attack surface.
  - Ingestion points: The skill reads local project documentation (docs/code-standards.md, docs/codebase-summary.md, docs/system-architecture.md) and uses external memory/context tools (mcp_context7, mcp_codex-bridge) to inform implementation decisions.
  - Boundary markers: The instructions do not define boundary markers or instruct the agent to ignore potentially malicious instructions embedded within the documentation it reads.
  - Capability inventory: The skill utilizes the Bash, Write, and Edit tools, allowing it to modify the codebase and execute arbitrary shell commands.
  - Sanitization: No sanitization or validation logic is present to filter or escape instructions found in the ingested data before they influence the agent's actions.
- [COMMAND_EXECUTION]: The skill uses the Bash tool to execute a suite of validation commands.
  - Evidence: It executes composer test, npm run types, npm run lint, ./vendor/bin/pint, python -m pytest, ruff check ., and mypy . to verify implementation success.
  - Analysis: These are standard development verification commands. However, since they rely on the configuration and integrity of the local project files (e.g., package.json, composer.json), their safety is dependent on the security of the repository environment being worked on.
Audit Metadata