final-verification
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill directs the agent to execute project quality gates, including formatting checks, linting, type checks, and the full project test suite. These operations are restricted to standard development tools and are necessary for the skill's primary function of feature verification.
- [PROMPT_INJECTION]: The skill ingests requirements and goals from external documentation files, which constitutes a potential surface for indirect prompt injection.
  - Ingestion points: Reads project goals and acceptance tests from .planning/harness/DISCOVERY.md and .planning/harness/PLAN.md.
  - Boundary markers: The process instructs the agent to extract goals from specific sections of the files, but there are no explicit delimiters to ignore embedded instructions within those sections.
  - Capability inventory: The agent has capabilities to read the codebase, write a verification report to the filesystem, and execute test/lint commands.
  - Sanitization: No explicit sanitization or filtering of ingested text is described beyond the logical "Goal-backward" verification principle.
Audit Metadata