development-philosophy
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFE
Finding categories: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- PROMPT_INJECTION (LOW): The instructions 'Execute immediately' and 'don't ask permission' are designed to override the agent's default protocol of seeking user confirmation. This behavior reduces human-in-the-loop oversight. Evidence: 'Autonomous Execution' section and 'Action Over Commentary' section.
- COMMAND_EXECUTION (LOW): The workflow specifies running shell tools such as 'uv run pytest' autonomously. This increases the potential impact of a successful prompt injection or malicious code modification. Evidence: Task Execution Workflow and Task Verification section.
- PROMPT_INJECTION (LOW): The skill performs 'Research' by fetching external URLs, creating a surface for indirect injection, as there are no defined sanitization or boundary markers to prevent the agent from obeying instructions found in external data.
  1. Ingestion points: 'fetch docs/URLs if needed'.
  2. Boundary markers: Absent.
  3. Capability inventory: File creation/deletion and shell command execution.
  4. Sanitization: Absent.
Audit Metadata