skills/jwilger/agent-skills/pipeline/Gen Agent Trust Hub

pipeline

Pass

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: SAFE

COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION

Full Analysis
  • [COMMAND_EXECUTION]: The pipeline controller is authorized to execute operational commands including git operations, test suite runners, and mutation testing tools as part of its orchestration logic. This is the primary function of the orchestrator and is clearly documented in SKILL.md.
  • [EXTERNAL_DOWNLOADS]: The skill documentation references the installation of dependent components from the author's own repository using npx. This follows standard installation procedures for the agent environment and targets vendor-owned resources.
  • [PROMPT_INJECTION]:
    • Ingestion points: The skill ingests vertical slice definitions from .factory/slice-queue.json (documented in references/slice-queue.md), which contain natural language scenarios that drive implementation tasks.
    • Boundary markers: The system implements an 'Agent Delivery Contract' (detailed in references/agent-delivery-contract.md) to define intent and uses per-phase context scoping as described in references/tokenomics.md to limit the data provided to agents.
    • Capability inventory: The skill can perform git repository management, execute local commands for testing/CI, and coordinate subagents via the Agent() tool.
    • Sanitization: Human sign-off on the 'Agent Delivery Contract' and 'Slice Readiness Review' is required before implementation begins, serving as a manual validation step for ingested instructions as specified in references/slice-readiness-review.md.

Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 13, 2026, 09:55 PM