aidlc
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill is designed to perform build and test operations as defined in references/construction/build-and-test.md. While this involves executing shell commands, the risk is mitigated by a mandatory two-part execution pattern (Planning → Generation) where the user must explicitly approve the execution plan before any commands are run.
- [INDIRECT_PROMPT_INJECTION] (SAFE): The skill possesses an attack surface for indirect prompt injection because it reads and analyzes existing codebases (references/inception/reverse-engineering.md).
  - Ingestion points: Reads files from the local workspace root during workspace detection and reverse engineering stages.
  - Boundary markers: Employs structured markdown templates and strictly defined directory boundaries (aidlc-docs/).
  - Capability inventory: Capabilities include file system modification (code generation) and shell command execution (build/test).
  - Sanitization: All outputs are subject to 'Content Validation' rules (references/common/content-validation.md) and mandatory human review gates before progression.
- [EXTERNAL_DOWNLOADS] (SAFE): The README suggests using npx for installation, but the skill's logic does not include instructions for the agent to download and execute arbitrary remote scripts without user interaction.
Audit Metadata