continuous-mode
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it relies on VISION.md and CLAUDE.md to define its goals and constraints. (1) Ingestion points: VISION.md and CLAUDE.md in the repository root. (2) Boundary markers: Absent; the agent is told to treat these files as its 'compass' without restriction. (3) Capability inventory: File system access, git operations, and execution of local test suites. (4) Sanitization: Absent; no validation of content within ingested files.
- [COMMAND_EXECUTION]: The skill requires executing system commands to function. It runs git log to orient itself and executes test suites as part of the TDD cycle, which involves running scripts or binaries defined in the repository environment.
Audit Metadata