dev-workflow
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands including `gofmt`, `pnpm run format`, `golangci-lint`, and `pnpm run lint` as part of its quality gate process. It also executes test suites for the code and tests it generates locally.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection. It ingests data from external project files (specifications, requirements, and tasks) and passes this data to sub-agents that possess code-writing and command-execution capabilities. There are no boundary markers or sanitization steps to prevent instructions within these files from overriding agent behavior.
  - Ingestion points: Found in `references/multi-task-mode.md` and `references/single-task-mode.md` targeting `prd/specs/*/tasks.md`, `spec.md`, `requirements.md`, and `**/README.md`.
  - Boundary markers: Absent in the sub-agent prompts; instruction blocks are defined but do not contain warnings to ignore embedded content.
  - Capability inventory: Sub-agents launched via the `Task` tool are tasked with writing code, creating/modifying files, and executing shell commands (linting, formatting, and running tests).
  - Sanitization: No input validation, escaping, or instruction filtering is applied to the content of the ingested project files before processing.
Audit Metadata