do-execute
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection vulnerability surface detected. The skill processes external data (approved plans and repository files) which could contain hidden instructions that influence agent behavior during implementation or verification.
- Ingestion points: The 'Scope' phase in SKILL.md reads an approved plan and identifies 'target_files' from the repository.
- Boundary markers: Absent. The skill lacks explicit delimiters or instructions to ignore embedded commands within the processed plan or file content.
- Capability inventory: The skill performs file writes (Implement phase) and executes system commands to generate E3 evidence (Verify and Review phases).
- Sanitization: Absent. There are no validation or escaping steps described for the content being processed or the commands being executed.
- [COMMAND_EXECUTION]: The skill inherently requires command execution as part of its 'Verify' and 'Review' phases to produce 'E3 evidence' (executed command + observed output). While this is a core feature, it serves as the capability vector for potential indirect prompt injection attacks.
Audit Metadata