takt-facet-builder
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill's workflow definitions (YAML 'pieces') utilize the
Bashtool to perform system-level operations required for software development, such as running tests (npm test), building projects (npm run build), and executing infrastructure plans (terraform plan). These are primarily used in pieces likebackend.yaml,terraform.yaml, andtakt-default.yaml. - [EXTERNAL_DOWNLOADS]: The skill enables
WebSearchandWebFetchtools to retrieve information from the internet for research tasks (e.g., inresearch.yamlanddeep-research.yaml). It also uses the GitHub CLI (gh) to download Pull Request and Issue data from GitHub repositories, as described in thegather-review.mdfacet. - [PROMPT_INJECTION]:
- Indirect Prompt Injection Surface: The skill ingests untrusted data from external web pages and GitHub Issues/PRs (e.g., in
research-dig.mdandgather-review.md). This external content is interpolated into the agent context. The agent possesses high-privilege capabilities includingBashexecution and fileEdit/Writepermissions (defined in piece files likebackend.yamlandterraform.yaml). No explicit sanitization or 'ignore embedded instructions' delimiters are applied to this external content before processing. - Operational Behavioral Steering: The skill includes specific instructions in
ai-fix.md("あなたの「修正済み」という認識が間違っています" / "Your recognition of 'fixed' is wrong") designed to override the agent's internal assumptions and correct common hallucination patterns. These are benign operational directives intended to improve reliability rather than malicious overrides.
Audit Metadata