apex
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local bash scripts provided with the package (
setup-templates.shandupdate-progress.sh) to manage the workflow's state and file structure. - [COMMAND_EXECUTION]: During the implementation and validation steps, the skill runs project-specific commands such as
pnpm run typecheck,pnpm run lint, andpnpm run testto verify code quality. - [COMMAND_EXECUTION]: The skill automates git operations including branch creation and management, and uses the GitHub CLI (
gh) to create pull requests as part of its finalization process. - [PROMPT_INJECTION]: The skill uses internal 'Mandatory Execution Rules' and 'Protocols' to guide the agent through its systematic workflow. These are operational constraints rather than malicious instructions.
- [PROMPT_INJECTION]: An indirect prompt injection surface exists during the analysis and review phases where the skill ingests content from the local codebase.
- Ingestion points: Codebase files and library documentation read during the 'Analyze' and 'Examine' stages.
- Boundary markers: The skill separates findings by appending them to specific, pre-created markdown files (e.g.,
01-analyze.md,05-examine.md). - Capability inventory: The skill can execute shell commands (
pnpm,git,gh) and has full read/write access to the local project directory. - Sanitization: Ingested code content is processed as text for analysis, utilizing the underlying agent's standard safety guardrails.
Audit Metadata