eve-plan-implementation

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [Command Execution] (SAFE): The skill frequently uses the eve CLI tool to manage job states, dependencies, and git operations. These are the primary purpose of the skill and do not involve arbitrary shell execution or unsafe piping from the internet.
  • [Indirect Prompt Injection] (LOW): The skill is designed to ingest and process external 'plan documents' and 'AGENTS.md' files to generate task descriptions for worker agents.
      • Ingestion points: Workflow step 1 explicitly reads the plan document and AGENTS.md from the repository.
      • Boundary markers: No specific boundary markers or instructions are provided to the agent to ignore potentially malicious commands embedded within the plan documents.
      • Capability inventory: The orchestrator can create jobs, set dependencies, and configure git policies. Worker jobs (spawned by this skill) have the capability to read/write code and run tests.
      • Sanitization: There is no evidence of sanitization or validation of the plan document content before it is interpolated into job descriptions.
  • [Data Exposure] (SAFE): While the skill reads AGENTS.md and plan documents, these are typically project-specific configuration files rather than sensitive system credentials or environment secrets.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 05:21 PM