feature-dev

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • Prompt Injection (SAFE): No instructions to bypass safety guidelines or reveal system prompts were detected. The workflow is structured around logical development phases with clear instructional boundaries.
  • Data Exposure & Exfiltration (SAFE): The skill does not access sensitive credentials, private keys, or perform network operations to non-whitelisted domains. It operates on the existing codebase for context-aware development.
  • Remote Code Execution (SAFE): No remote script downloads or dynamic code execution patterns (like eval or exec) are present. It relies on internal specialized agents (explore-agent, debugger, plan-agent) for analysis.
  • Indirect Prompt Injection (SAFE): Although the skill ingests codebase content via the explore-agent and debugger agent, this ingestion surface is tied to the skill's primary development purpose. The workflow includes mandatory human-in-the-loop checkpoints at every phase to validate agent outputs.
  • Privilege Escalation (SAFE): No attempts to acquire elevated permissions, modify system configuration files, or install background services were identified.
Audit Metadata
  Risk Level: SAFE
  Analyzed: Feb 17, 2026, 07:48 PM