vertical-slice-delivery
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes shell commands to perform standard git operations such as staging files, committing changes with conventional messages, and identifying the base branch. It also incorporates the use of code formatters (e.g., prettier, biome) and linters during the quality gate and delivery phases. These operations are restricted to project maintenance and are consistent with the skill's primary purpose of software delivery.
- [INDIRECT_PROMPT_INJECTION]: The agent processes untrusted data from the local filesystem, including source code files and git logs, during the delivery and review stages. While these inputs could theoretically contain malicious instructions, the skill treats them as data for evaluation against defined code guidelines and planning objectives. The potential for injection is mitigated by the structured workflow and the specific roles assigned to sub-agents.
- [DATA_EXPOSURE]: The skill accesses local repository metadata and file contents to perform its tasks. There are no network operations or external data transmissions detected that would indicate data exfiltration or unauthorized exposure of sensitive information.