dev-workflow
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill instructions and associated reference documents do not contain any malicious code, obfuscation, or commands that perform unauthorized actions.
- [PROMPT_INJECTION]: The skill architecture inherently possesses an indirect prompt injection surface because the agent is instructed to read and follow implementation plans derived from potentially untrusted user requirements.
  1. Ingestion points: The agent reads from artifacts in the .ai/tasks/ directory, including task.md and plan.md.
  2. Boundary markers: The instructions do not specify the use of delimiters or 'ignore embedded instructions' warnings when reading these artifacts.
  3. Capability inventory: The implementation phase (references/phase-implement.md) encourages the agent to execute verification steps such as running tests, builds, and linters.
  4. Sanitization: No sanitization or validation logic is defined for the content of the workflow artifacts before the agent acts upon them.
Audit Metadata