agent-coordination

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill methodology references the use of the GitHub CLI (gh pr create) for task finalization and calls an external tool or skill named specification-validation during the completion protocol.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core function of aggregating data from various external markdown files and agent outputs.
    (1) Ingestion points: Reads from project files such as product-requirements.md, solution-design.md, and implementation-plan.md.
    (2) Boundary markers: No delimiters are specified in the instructions to distinguish between external data and the agent's core instructions.
    (3) Capability inventory: The agent can perform file modifications, execute CLI tools, and trigger downstream skills.
    (4) Sanitization: The methodology lacks instructions for validating or sanitizing the content it processes before interpolation into its workflow.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 5, 2026, 03:44 AM