the-hit
Pass
Audited by Gen Agent Trust Hub on Apr 26, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection as it orchestrates data flow from task definitions to sub-agents. This is an inherent property of the workflow rather than a specific vulnerability.
- Ingestion points: External data such as 'Work Packages', 'Contract clauses', and 'Constitution rules' are ingested in SKILL.md and passed to sub-agents (Capos and Soldiers).
- Boundary markers: The skill lacks explicit boundary markers or instructions for sub-agents to ignore potential malicious content within the Work Packages.
- Capability inventory: The skill dispatches sub-agents via
gangsta:the-capoandgangsta:drill-tddwhich possess the capability to modify files and execute tests. - Sanitization: No sanitization or validation of the ingested task metadata is performed before interpolation into sub-agent prompts.
- [COMMAND_EXECUTION]: The skill references the execution of tests via the
gangsta:drill-tddskill. This is the intended behavior for verifying software implementations and does not involve arbitrary or unauthorized command execution.
Audit Metadata