Skills
skills/jamie-bitflight/claude_skills/complete-implementation/Gen Agent Trust Hub

complete-implementation

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes multiple shell commands and scripts, including:
  • Invoking a Python script via the SubagentStop hook using a relative path traversal: python3 "${CLAUDE_SKILL_DIR}/../../implementation-manager/scripts/task_status_hook.py".
  • Running various Git commands (git log, git diff, git status) to track changes and identify modified files.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting and processing untrusted data to drive its logic:
  • Ingestion points: The skill fetches issue details (title, body) via mcp__plugin_dh_backlog__backlog_view and reads contents of follow-up task files.
  • Boundary markers: There are no explicit boundary markers or instructions to the agent to disregard embedded directives within the issue body text when parsing for acceptance criteria.
  • Capability inventory: The skill has significant capabilities, including executing Git commands, running Python scripts, and dispatching other skills/sub-agents (start-task, implement-feature).
  • Sanitization: Untrusted input from issue descriptions is passed to a build_proportional_quality_gate_plan function which generates a YAML task plan subsequently executed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 29, 2026, 08:40 AM