execute

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION] (LOW): The skill processes external task data and updates files. This represents a surface where instructions within a user task could influence agent behavior.
    1. Ingestion points: active-context.md and user task descriptions.
    2. Boundary markers: Relies on pre-flight checklists to define success criteria and boundaries.
    3. Capability inventory: Executes shell commands (npx tsc), manages files, and spawns subagents via Task tool.
    4. Sanitization: Not explicitly addressed in the instructions.
  • [COMMAND_EXECUTION] (SAFE): The skill recommends using npx tsc --noEmit to validate code. This is a standard development practice for type-checking and does not pose a security risk in this context.
  • [SAFE] (SAFE): No malicious patterns such as credential theft, persistence, or obfuscation were found.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:36 PM