implement
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface, as it ingests and processes user-provided SPEC.md files to guide the behavior of an autonomous iteration agent.
  - Ingestion points: SPEC.md and spec.json files (processed in Phase 1 and 2).
  - Boundary markers: No explicit delimiters or XML tags are used in the prompt templates to isolate user-provided specification content from instructions.
  - Capability inventory: The iteration agent (invoked via the claude CLI) has full permissions to modify the filesystem, execute shell commands, and perform git operations.
  - Sanitization: The skill does not validate or sanitize the natural-language content of the specification files before the agent processes it.
- [COMMAND_EXECUTION]: The skill executes multiple local system commands to manage the development environment and the implementation loop, including git for branch management, package managers (pnpm/npm) for dependency installation, and the claude CLI for autonomous code generation. It also supports executing commands within Docker containers when the --docker flag is provided.
Audit Metadata