Skills
skills/khaki4/my_skills/bf-lead-implement/Gen Agent Trust Hub

bf-lead-implement

Pass

Audited by Gen Agent Trust Hub on Feb 25, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the yq tool to update YAML files using identifiers derived from filenames or internal state. Lack of sanitization for these identifiers could potentially lead to command or filter injection.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. It reads story documents and modification instructions and uses this untrusted content to instruct sub-agents or query external library documentation.
  • Ingestion points: Ingests data from docs/stories/{TICKET}-story-*.md and docs/reviews/{EPIC-ID}-modification.md.
  • Boundary markers: The skill uses markdown headers like [Project Conventions] but does not include explicit delimiters or 'ignore embedded instructions' warnings when passing external content to other agents.
  • Capability inventory: Spawns and manages sub-agents (Sonnet/Opus) and performs local file modifications via yq.
  • Sanitization: No sanitization or validation logic is defined for the content extracted from story files before it is processed.
  • [EXTERNAL_DOWNLOADS]: The skill checks for the presence of the yq utility and suggests its installation via Homebrew, which is a well-known and trusted package manager.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 25, 2026, 08:22 AM