jpralph-iterate
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [Prompt Injection] (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8) because it ingests and acts upon instructions from external data files without sanitization.
  - Ingestion points: `prd.json` (user stories) and `progress.txt` (codebase patterns).
  - Boundary markers: Absent. The agent is directed to pick the 'highest priority' story directly from the data.
  - Capability inventory: File system write, git operations, and shell command execution (`npm`, `test`, etc.).
  - Sanitization: None provided. A malicious user story in `prd.json` could potentially trick the agent into performing destructive actions.
- [Command Execution] (LOW): The instructions command the agent to 'Run quality checks... use whatever your project requires'. While this is the intended purpose of the skill, it creates a surface where a compromised repository's configuration (like `package.json` scripts) could lead to the execution of malicious code. Severity is lowered as this is the primary intended function of a development agent.
Audit Metadata