do-work
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill includes explicit instructions in `commit.md` and `work.md` to exclude sensitive files such as `.env`, credentials, and private keys from git staging and commits, protecting the user's secrets.
- [EXTERNAL_DOWNLOADS]: The `version.md` action performs a network request to the vendor's official GitHub repository to compare local and remote versions. This is a standard update-checking mechanism using a well-known service.
- [COMMAND_EXECUTION]: The orchestrator manages the task queue and archive using standard filesystem and git commands. These operations are scoped to the project's `do-work/` directory and follow strictly defined patterns.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes verbatim user input that is later used as context for implementation agents.
  * Ingestion points: User requests are captured verbatim in `do-work/user-requests/UR-NNN/input.md` and `do-work/REQ-*.md` files.
  * Boundary markers: No specific boundary markers or 'ignore' instructions are used to delimit user-provided content from agent instructions.
  * Capability inventory: The orchestrator spawns subagents with shell execution and file modification capabilities to fulfill the requests.
  * Sanitization: No sanitization or filtering is applied to the captured verbatim input.
Audit Metadata