quality-workflow
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The AGENTS.md file defines a 'session gate' requiring the agent to execute the compose-agentsmd command before every response, acting as a persistent execution hook.
- [EXTERNAL_DOWNLOADS]: The skill is configured via agent-ruleset.json to dynamically load remote rule sets from the author's GitHub repository at runtime.
- [COMMAND_EXECUTION]: Instructions in AGENTS.md direct the agent to install the compose-agentsmd package globally using npm if it is not already present.
- [REMOTE_CODE_EXECUTION]: The use of remote rule loading combined with mandatory tool execution allows for external control over agent behavior and processing logic.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection (Category 8).
  1. Ingestion points: Project documentation and user-provided acceptance criteria.
  2. Boundary markers: None identified.
  3. Capability inventory: Command execution and global package installation.
  4. Sanitization: No explicit validation of external data is described.
Audit Metadata